{"id":19606,"name":"jws","ecosystem":"npm","repository_url":"https://github.com/brianloveswords/node-jws","issues_count":2186,"created_at":"2025-06-07T01:46:31.840Z","updated_at":"2025-06-07T01:46:31.840Z","purl":"pkg:npm/jws","metadata":{"id":1916769,"name":"jws","ecosystem":"npm","description":"Implementation of JSON Web Signatures","homepage":"https://github.com/brianloveswords/node-jws#readme","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/brianloveswords/node-jws","keywords_array":["jws","json","web","signatures"],"namespace":null,"versions_count":23,"first_release_published_at":"2013-01-16T20:17:39.718Z","latest_release_published_at":"2019-12-16T17:22:34.743Z","latest_release_number":"4.0.0","last_synced_at":"2025-05-07T11:30:20.996Z","created_at":"2022-04-09T18:18:37.821Z","updated_at":"2025-05-07T11:30:58.666Z","registry_url":"https://www.npmjs.com/package/jws","install_command":"npm install jws","documentation_url":null,"metadata":{"funding":null,"dist-tags":{"latest":"4.0.0"}},"repo_metadata":{"id":6394403,"uuid":"7632329","full_name":"auth0/node-jws","owner":"auth0","description":"JSON Web Signatures","archived":false,"fork":false,"pushed_at":"2024-05-26T12:21:16.000Z","size":87,"stargazers_count":718,"open_issues_count":28,"forks_count":107,"subscribers_count":23,"default_branch":"master","last_synced_at":"2025-05-03T01:48:14.908Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"http://self-issued.info/docs/draft-ietf-jose-json-web-signature.html","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/auth0.png","metadata":{"files":{"readme":"readme.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2013-01-15T20:08:01.000Z","updated_at":"2025-03-20T05:52:10.000Z","dependencies_parsed_at":"2024-06-18T11:11:12.594Z","dependency_job_id":"d4c2b623-006e-4c78-9169-2cbe586e2a18","html_url":"https://github.com/auth0/node-jws","commit_stats":{"total_commits":91,"total_committers":19,"mean_commits":"4.7894736842105265","dds":0.6043956043956045,"last_synced_commit":"b9fb8d30e9c009ade6379f308590f1b0703eefc3"},"previous_names":["brianloveswords/node-jws"],"tags_count":22,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/auth0","download_url":"https://codeload.github.com/auth0/node-jws/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252868590,"owners_count":21816892,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"auth0","name":"Auth0","uuid":"2824157","kind":"organization","description":"","email":"hello@auth0.com","website":"https://auth0.com","location":"Seattle","twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/2824157?v=4","repositories_count":350,"last_synced_at":"2025-03-21T17:50:46.801Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/auth0","funding_links":[],"total_stars":61314,"followers":1493,"following":0,"created_at":"2022-11-02T16:20:26.668Z","updated_at":"2025-03-21T17:50:46.801Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/auth0","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/auth0/repositories"},"tags":[{"name":"v4.0.0","sha":"1389f6d3d018b2da4af0167f48e44f90d811ae87","kind":"tag","published_at":"2019-12-16T17:21:55.000Z","download_url":"https://codeload.github.com/auth0/node-jws/tar.gz/v4.0.0","html_url":"https://github.com/auth0/node-jws/releases/tag/v4.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v4.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v4.0.0/manifests"},{"name":"v3.2.2","sha":"7d4a0717a74edc59c3154a8f11d701af376060f6","kind":"tag","published_at":"2019-03-16T15:24:35.000Z","download_url":"https://codeload.github.com/auth0/node-jws/tar.gz/v3.2.2","html_url":"https://github.com/auth0/node-jws/releases/tag/v3.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v3.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v3.2.2/manifests"},{"name":"v3.2.1","sha":"37e67a8a3d99806c035e5377474e6db0b6322ffb","kind":"tag","published_at":"2019-01-27T13:51:01.000Z","download_url":"https://codeload.github.com/auth0/node-jws/tar.gz/v3.2.1","html_url":"https://github.com/auth0/node-jws/releases/tag/v3.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v3.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v3.2.1/manifests"},{"name":"v3.2.0","sha":"5cdc5ce8a995f957a06cb29c6e483d3c9a56bb22","kind":"tag","published_at":"2019-01-25T21:11:37.000Z","download_url":"https://codeload.github.com/auth0/node-jws/tar.gz/v3.2.0","html_url":"https://github.com/auth0/node-jws/releases/tag/v3.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v3.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v3.2.0/manifests"},{"name":"v3.1.5","sha":"073539696f78cb04f54416d239c68a1ecc81296c","kind":"tag","published_at":"2018-05-14T14:47:32.000Z","download_url":"https://codeload.github.com/auth0/node-jws/tar.gz/v3.1.5","html_url":"https://github.com/auth0/node-jws/releases/tag/v3.1.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v3.1.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v3.1.5/manifests"},{"name":"v3.1.4","sha":"226378cbbeef4757f1b6920a947ae4caa481e7e3","kind":"tag","published_at":"2016-11-03T19:47:06.000Z","download_url":"https://codeload.github.com/auth0/node-jws/tar.gz/v3.1.4","html_url":"https://github.com/auth0/node-jws/releases/tag/v3.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v3.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v3.1.4/manifests"},{"name":"v3.1.3","sha":"d3ce949c2a4091664a3415cfdebe648b9088fe4c","kind":"tag","published_at":"2016-02-18T15:39:42.000Z","download_url":"https://codeload.github.com/auth0/node-jws/tar.gz/v3.1.3","html_url":"https://github.com/auth0/node-jws/releases/tag/v3.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v3.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v3.1.3/manifests"},{"name":"v3.1.2","sha":"5123696db0243f78e9d0bd198a06c411bf45663a","kind":"tag","published_at":"2016-02-18T14:26:26.000Z","download_url":"https://codeload.github.com/auth0/node-jws/tar.gz/v3.1.2","html_url":"https://github.com/auth0/node-jws/releases/tag/v3.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v3.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v3.1.2/manifests"},{"name":"v3.1.1","sha":"7400d461134930d941d6c3a60c07015666727505","kind":"tag","published_at":"2016-01-17T20:42:39.000Z","download_url":"https://codeload.github.com/auth0/node-jws/tar.gz/v3.1.1","html_url":"https://github.com/auth0/node-jws/releases/tag/v3.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v3.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v3.1.1/manifests"},{"name":"v3.1.0","sha":"feabc0578fbdd1b6c9c6f87029f630f3d3595542","kind":"tag","published_at":"2015-07-16T17:22:45.000Z","download_url":"https://codeload.github.com/auth0/node-jws/tar.gz/v3.1.0","html_url":"https://github.com/auth0/node-jws/releases/tag/v3.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v3.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v3.1.0/manifests"},{"name":"v3.0.0","sha":"585d0e1e97b6747c10cf5b7689ccc5618a89b299","kind":"tag","published_at":"2015-04-08T15:21:39.000Z","download_url":"https://codeload.github.com/auth0/node-jws/tar.gz/v3.0.0","html_url":"https://github.com/auth0/node-jws/releases/tag/v3.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v3.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v3.0.0/manifests"},{"name":"v2.0.0","sha":"8e270b28763ea840a7d1966486fa8626782a80f8","kind":"tag","published_at":"2015-01-30T15:36:27.000Z","download_url":"https://codeload.github.com/auth0/node-jws/tar.gz/v2.0.0","html_url":"https://github.com/auth0/node-jws/releases/tag/v2.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v2.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v2.0.0/manifests"},{"name":"v1.0.1","sha":"d72fc3f24d0f551500f9a360f91e3781f8a28659","kind":"tag","published_at":"2015-01-11T16:17:50.000Z","download_url":"https://codeload.github.com/auth0/node-jws/tar.gz/v1.0.1","html_url":"https://github.com/auth0/node-jws/releases/tag/v1.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v1.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v1.0.1/manifests"},{"name":"v1.0.0","sha":"209d095e87d449f1ec217f66371f0597dff63b5d","kind":"tag","published_at":"2014-12-07T19:38:49.000Z","download_url":"https://codeload.github.com/auth0/node-jws/tar.gz/v1.0.0","html_url":"https://github.com/auth0/node-jws/releases/tag/v1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v1.0.0/manifests"},{"name":"v0.2.6","sha":"ac2ef4698f0a7307f15a15ab8e7980074499f3f9","kind":"tag","published_at":"2014-08-07T17:40:23.000Z","download_url":"https://codeload.github.com/auth0/node-jws/tar.gz/v0.2.6","html_url":"https://github.com/auth0/node-jws/releases/tag/v0.2.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v0.2.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v0.2.6/manifests"},{"name":"v0.2.5","sha":"72a2a357933a8b9f3a8c75ef7203dd6e1391bccf","kind":"tag","published_at":"2014-01-30T14:58:33.000Z","download_url":"https://codeload.github.com/auth0/node-jws/tar.gz/v0.2.5","html_url":"https://github.com/auth0/node-jws/releases/tag/v0.2.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v0.2.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v0.2.5/manifests"},{"name":"v0.2.4","sha":"b38b3dc3b95286c1e8af14a55d210044e551449c","kind":"tag","published_at":"2014-01-28T19:40:32.000Z","download_url":"https://codeload.github.com/auth0/node-jws/tar.gz/v0.2.4","html_url":"https://github.com/auth0/node-jws/releases/tag/v0.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v0.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v0.2.4/manifests"},{"name":"v0.2.3","sha":"6ac8e3d39247cea4524f455b147814fab4094cc4","kind":"tag","published_at":"2013-11-06T02:13:24.000Z","download_url":"https://codeload.github.com/auth0/node-jws/tar.gz/v0.2.3","html_url":"https://github.com/auth0/node-jws/releases/tag/v0.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v0.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v0.2.3/manifests"},{"name":"v0.2.2","sha":"771b45f82ea58c57e17138c2e77f9c7d5a982971","kind":"tag","published_at":"2013-03-12T22:27:02.000Z","download_url":"https://codeload.github.com/auth0/node-jws/tar.gz/v0.2.2","html_url":"https://github.com/auth0/node-jws/releases/tag/v0.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v0.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v0.2.2/manifests"},{"name":"v0.2.1","sha":"34ce33a2b5ed551bcb2528739adc16c0f334382e","kind":"tag","published_at":"2013-02-25T23:12:56.000Z","download_url":"https://codeload.github.com/auth0/node-jws/tar.gz/v0.2.1","html_url":"https://github.com/auth0/node-jws/releases/tag/v0.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v0.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v0.2.1/manifests"},{"name":"v0.2.0","sha":"c705cd04dc350fe4d595c713d084ca4966c6509b","kind":"tag","published_at":"2013-02-10T20:05:27.000Z","download_url":"https://codeload.github.com/auth0/node-jws/tar.gz/v0.2.0","html_url":"https://github.com/auth0/node-jws/releases/tag/v0.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v0.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v0.2.0/manifests"},{"name":"v0.1.0","sha":"16ac9362ee9af5b03ed49567a7ba09bf5fbe9545","kind":"tag","published_at":"2013-02-10T17:29:35.000Z","download_url":"https://codeload.github.com/auth0/node-jws/tar.gz/v0.1.0","html_url":"https://github.com/auth0/node-jws/releases/tag/v0.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v0.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fnode-jws/tags/v0.1.0/manifests"}]},"repo_metadata_updated_at":"2025-05-07T11:30:58.666Z","dependent_packages_count":374,"downloads":125207235,"downloads_period":"last-month","dependent_repos_count":730294,"rankings":{"downloads":0.018098065779487253,"dependent_repos_count":0.04232921285187185,"dependent_packages_count":0.14593447897831627,"stargazers_count":2.6759947912616733,"forks_count":2.867763100973517,"docker_downloads_count":0.021657443315543746,"average":0.9619628488600682},"purl":"pkg:npm/jws","advisories":[{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdqY3ctdjQ0Ny0ydzdx","url":"https://github.com/advisories/GHSA-gjcw-v447-2w7q","title":"Forgeable Public/Private Tokens in jws","description":"Affected versions of the `jws` package allow users to select what algorithm the server will use to verify a provided JWT. A malicious actor can use this behaviour to arbitrarily modify the contents of a JWT while still passing verification. For the common use case of the JWT as a bearer token, the end result is a complete authentication bypass with minimal effort.\n\n\n\n\n## Recommendation\n\nUpdate to version 3.0.0 or later.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2020-09-01T15:23:18.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.7,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N","references":["https://github.com/brianloveswords/node-jws/commit/585d0e1e97b6747c10cf5b7689ccc5618a89b299#diff-4ac32a78649ca5bdd8e0ba38b7006a1e","https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/","https://www.npmjs.com/advisories/88","https://nvd.nist.gov/vuln/detail/CVE-2016-1000223","https://snyk.io/vuln/npm:jws:20160726","https://github.com/advisories/GHSA-gjcw-v447-2w7q"],"source_kind":"github","identifiers":["GHSA-gjcw-v447-2w7q","CVE-2016-1000223"],"repository_url":"https://github.com/brianloveswords/node-jws","blast_radius":51.012430273180115,"packages":[{"versions":[{"first_patched_version":"3.0.0","vulnerable_version_range":"\u003c 3.0.0"}],"ecosystem":"npm","package_name":"jws"}],"created_at":"2022-12-21T16:13:22.454Z","updated_at":"2023-01-09T05:03:42.000Z"}],"docker_usage_url":"https://docker.ecosyste.ms/usage/npm/jws","docker_dependents_count":14895,"docker_downloads_count":3648942475,"usage_url":"https://repos.ecosyste.ms/usage/npm/jws","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/npm/jws/dependencies","status":null,"funding_links":[],"critical":true,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/jws/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/jws/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/jws/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/jws/related_packages","maintainers":[{"uuid":"panva","login":"panva","name":null,"email":"panva.ip@gmail.com","url":null,"packages_count":42,"html_url":"https://www.npmjs.com/~panva","role":null,"created_at":"2025-05-07T11:30:21.847Z","updated_at":"2025-05-07T11:30:21.847Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/panva/packages"},{"uuid":"charlesrea","login":"charlesrea","name":null,"email":"charles.rea@auth0.com","url":null,"packages_count":97,"html_url":"https://www.npmjs.com/~charlesrea","role":null,"created_at":"2023-01-25T15:45:20.859Z","updated_at":"2023-01-25T15:45:20.859Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/charlesrea/packages"},{"uuid":"julien.wollscheid","login":"julien.wollscheid","name":null,"email":"julien.wollscheid@auth0.com","url":null,"packages_count":96,"html_url":"https://www.npmjs.com/~julien.wollscheid","role":null,"created_at":"2023-01-25T13:56:41.069Z","updated_at":"2023-01-25T13:56:41.069Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/julien.wollscheid/packages"},{"uuid":"omsmith","login":"omsmith","name":null,"email":"owen@omsmith.ca","url":null,"packages_count":9,"html_url":"https://www.npmjs.com/~omsmith","role":null,"created_at":"2022-11-10T11:11:05.348Z","updated_at":"2022-11-10T11:11:05.348Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/omsmith/packages"},{"uuid":"stomlinson","login":"stomlinson","name":null,"email":"shane@shanetomlinson.com","url":null,"packages_count":88,"html_url":"https://www.npmjs.com/~stomlinson","role":null,"created_at":"2023-01-25T13:56:41.048Z","updated_at":"2023-01-25T13:56:41.048Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/stomlinson/packages"},{"uuid":"texeira","login":"texeira","name":null,"email":"marcos.castany@hotmail.com","url":null,"packages_count":9,"html_url":"https://www.npmjs.com/~texeira","role":null,"created_at":"2023-01-25T13:56:41.058Z","updated_at":"2023-01-25T13:56:41.058Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/texeira/packages"},{"uuid":"lozano.okta","login":"lozano.okta","name":null,"email":"david.lozano@okta.com","url":null,"packages_count":1,"html_url":"https://www.npmjs.com/~lozano.okta","role":null,"created_at":"2025-05-07T11:30:21.887Z","updated_at":"2025-05-07T11:30:21.887Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/lozano.okta/packages"},{"uuid":"javierquevedo","login":"javierquevedo","name":null,"email":"jquevedo@gmail.com","url":null,"packages_count":1,"html_url":"https://www.npmjs.com/~javierquevedo","role":null,"created_at":"2025-05-07T11:30:21.928Z","updated_at":"2025-05-07T11:30:21.928Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/javierquevedo/packages"}],"registry":{"name":"npmjs.org","url":"https://registry.npmjs.org","ecosystem":"npm","default":true,"packages_count":5000516,"maintainers_count":1011324,"namespaces_count":294820,"keywords_count":698862,"github":"npm","metadata":{"funded_packages_count":150062},"icon_url":"https://github.com/npm.png","created_at":"2022-04-04T15:19:23.081Z","updated_at":"2025-06-02T06:14:48.615Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/namespaces"}},"unique_repositories_count":1724,"unique_repositories_count_past_30_days":45,"recent_issues":[{"uuid":"4529953014","node_id":"PR_kwDOP9i2uc7fsrek","number":9,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 3 directories with 20 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-27T06:12:43.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-27T06:05:11.000Z","updated_at":"2026-05-27T06:12:45.000Z","time_to_close":452,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":20,"packages":[{"name":"axios","old_version":"1.8.4","new_version":"1.15.2","repository_url":"https://github.com/axios/axios"},{"name":"postcss","old_version":"8.5.3","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"picomatch","old_version":"4.0.2","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"@tootallnate/once","old_version":"2.0.0","new_version":"2.0.1","repository_url":"https://github.com/TooTallNate/once"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"fast-uri","old_version":"3.0.1","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"fast-xml-parser","old_version":"4.5.0","new_version":"4.5.6","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"flatted","old_version":"3.3.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 14 updates in the /genkit/postcard-generator directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.8.4` | `1.15.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.3` | `8.5.10` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.2` | `4.0.4` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.1` | `3.1.2` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.5.0` | `4.5.6` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n\nBumps the npm_and_yarn group with 3 updates in the /vision/sample-apps/V-Start directory: [jws](https://github.com/brianloveswords/node-jws), [path-to-regexp](https://github.com/pillarjs/path-to-regexp) and [ws](https://github.com/websockets/ws).\nBumps the npm_and_yarn group with 6 updates in the /vision/use-cases/hey_llm directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n\n\nUpdates `axios` from 1.8.4 to 1.15.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eLocation\u003c/code\u003e Request Header Type:\u003c/strong\u003e Adds \u003ccode\u003eLocation\u003c/code\u003e to \u003ccode\u003eCommonRequestHeadersList\u003c/code\u003e for accurate typing of redirect-aware requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7528\"\u003e#7528\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFormData Handling:\u003c/strong\u003e Removes \u003ccode\u003eContent-Type\u003c/code\u003e when no boundary is present on \u003ccode\u003eFormData\u003c/code\u003e fetch requests, supports multi-select fields, cancels \u003ccode\u003erequest.body\u003c/code\u003e instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7314\"\u003e#7314\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10676\"\u003e#10676\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10702\"\u003e#10702\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10726\"\u003e#10726\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter:\u003c/strong\u003e Handles socket-only request errors without leaking keep-alive listeners. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10576\"\u003e#10576\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProgress Events:\u003c/strong\u003e Clamps \u003ccode\u003eloaded\u003c/code\u003e to \u003ccode\u003etotal\u003c/code\u003e for computable upload/download progress events. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7458\"\u003e#7458\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes:\u003c/strong\u003e Aligns \u003ccode\u003erunWhen\u003c/code\u003e type with the runtime behaviour in \u003ccode\u003eInterceptorManager\u003c/code\u003e and makes response header keys case-insensitive. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7529\"\u003e#7529\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10677\"\u003e#10677\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ebuildFullPath\u003c/code\u003e:\u003c/strong\u003e Uses strict equality in the base/relative URL check. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7252\"\u003e#7252\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eAxiosURLSearchParams\u003c/code\u003e Regex:\u003c/strong\u003e Improves the regex used for param serialisation to avoid edge-case mismatches. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10736\"\u003e#10736\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eResilient Value Parsing:\u003c/strong\u003e Parses out header/config values instead of throwing on malformed input. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10687\"\u003e#10687\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2 - April 21, 2026\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003ev1.15.1 - April 19, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/582934382e4e0e0bcb679c628071a4203e93cf57\"\u003e\u003ccode\u003e5829343\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10789\"\u003e#10789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4709a48fa2717ba97f43f5432d48ca4e26c2d326\"\u003e\u003ccode\u003e4709a48\u003c/code\u003e\u003c/a\u003e fix: added fix for memory leak in sockets (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/be3336014e01f9a4fc1f8aef15303cf7daaf58db\"\u003e\u003ccode\u003ebe33360\u003c/code\u003e\u003c/a\u003e chore: update changelog (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa\"\u003e\u003ccode\u003e4791514\u003c/code\u003e\u003c/a\u003e fix: more header pollutions (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/6feafcff6c2dbafe206161c5d09e38e1d36af66f\"\u003e\u003ccode\u003e6feafcf\u003c/code\u003e\u003c/a\u003e fix: socket issue (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/302e2739c602f00e323d4f3f5c79500647633a73\"\u003e\u003ccode\u003e302e273\u003c/code\u003e\u003c/a\u003e docs: update docs, add a couple actions etc (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ac42446be51300fe214ba3c6e40cc95f34fd6871\"\u003e\u003ccode\u003eac42446\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10767\"\u003e#10767\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/908f2206b6bfeff67236784abce85935698ac1d9\"\u003e\u003ccode\u003e908f220\u003c/code\u003e\u003c/a\u003e docs: update threatmodel (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10765\"\u003e#10765\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/f93f8155250c2e066205521eda05ae22983a1f6d\"\u003e\u003ccode\u003ef93f815\u003c/code\u003e\u003c/a\u003e docs: added docs around potential decompressions bomb (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10763\"\u003e#10763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1728aa1b15b8857f970611fd8983c06b423fc486\"\u003e\u003ccode\u003e1728aa1\u003c/code\u003e\u003c/a\u003e fix: short-circuits on any truthy non-boolean in withXSRFToken (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.8.4...v1.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 14.2.26 to 15.4.7\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/f30d815859e932e09222e93bb6e8a376b918d874\"\u003e\u003ccode\u003ef30d815\u003c/code\u003e\u003c/a\u003e v15.4.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/1a026e338d2b8c977c8949a134168952338d6d01\"\u003e\u003ccode\u003e1a026e3\u003c/code\u003e\u003c/a\u003e fix router handling when setting a location response header (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/82588\"\u003e#82588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/be4aafd4b744fbf6500b311b74c84243f70a3059\"\u003e\u003ccode\u003ebe4aafd\u003c/code\u003e\u003c/a\u003e v15.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/91e5b6b84f56c096dc2bb647eb384388e06489fd\"\u003e\u003ccode\u003e91e5b6b\u003c/code\u003e\u003c/a\u003e Backport \u0026quot;fix: add \u003ccode\u003e?dpl\u003c/code\u003e to fonts in \u003ccode\u003e/_next/static/media\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/82384\"\u003e#82384\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/82421\"\u003e#82421\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/f1629d939597cc46ccbe44fe66bda91eac31e219\"\u003e\u003ccode\u003ef1629d9\u003c/code\u003e\u003c/a\u003e Backport \u0026quot;[Pages] fix: \u003ccode\u003e_error\u003c/code\u003e page's \u003ccode\u003ereq.url\u003c/code\u003e can be overwritten t… (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/82377\"\u003e#82377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/b9aab5dbe926c256d439bfecb226693dcd1a1be4\"\u003e\u003ccode\u003eb9aab5d\u003c/code\u003e\u003c/a\u003e v15.4.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/a8c93c49dd2d42a2ced8a17bc53b3fea11d25c96\"\u003e\u003ccode\u003ea8c93c4\u003c/code\u003e\u003c/a\u003e Disable test new tests jobs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ed2a6c754831406f8cd724eb52a562bb124c1504\"\u003e\u003ccode\u003eed2a6c7\u003c/code\u003e\u003c/a\u003e [backport]: fix(next/image): improve and simplify detect-content-type (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/82118\"\u003e#82118\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/f00fcc9011e7d0ef027021fc8424f51b8ac97880\"\u003e\u003ccode\u003ef00fcc9\u003c/code\u003e\u003c/a\u003e [backport]: fix(next/image): fix image-optimizer.ts headers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/82114\"\u003e#82114\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/82175\"\u003e#82175\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/55a7568e9d12459f8c5f5ae120fe2e228af284bb\"\u003e\u003ccode\u003e55a7568\u003c/code\u003e\u003c/a\u003e Backport: Turbopack: update mimalloc (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/81993\"\u003e#81993\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/82166\"\u003e#82166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v14.2.26...v15.4.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.3 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.3...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec\"\u003e\u003ccode\u003e184bc32\u003c/code\u003e\u003c/a\u003e 6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379\"\u003e\u003ccode\u003efea46af\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2606\"\u003e#2606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf\"\u003e\u003ccode\u003e72f2286\u003c/code\u003e\u003c/a\u003e docs: update v7 info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a\"\u003e\u003ccode\u003e231e52b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1320\"\u003e#1320\u003c/a\u003e from philsturgeon/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd\"\u003e\u003ccode\u003ed3475fc\u003c/code\u003e\u003c/a\u003e Add spectral, an AJV util from a sponsor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544\"\u003e\u003ccode\u003e413afe0\u003c/code\u003e\u003c/a\u003e docs: v7.0.0-beta.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d\"\u003e\u003ccode\u003e11e997b\u003c/code\u003e\u003c/a\u003e update readme for v7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v6.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.2 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@tootallnate/once` from 2.0.0 to 2.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/releases\"\u003e@​tootallnate/once's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/blob/v2.0.1/CHANGELOG.md\"\u003e@​tootallnate/once's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/bcbb21d387e5fb2d0bf8ec2fd8d0ac97d4553241\"\u003e\u003ccode\u003ebcbb21d\u003c/code\u003e\u003c/a\u003e ci: fix OIDC publishing — Node 24, npm latest, provenance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/dc24387be8e3405f1e7c911caf76c87b72a0e145\"\u003e\u003ccode\u003edc24387\u003c/code\u003e\u003c/a\u003e Version Packages (2.x) (\u003ca href=\"https://redirect.github.com/TooTallNate/once/issues/12\"\u003e#12\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/b8a6f80afcfd2482b4bdb1e29d784340a05e0ce3\"\u003e\u003ccode\u003eb8a6f80\u003c/code\u003e\u003c/a\u003e CI: test all Node versions on Linux only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/dabcc0fb6202663cd83994f0a21ea1c710395327\"\u003e\u003ccode\u003edabcc0f\u003c/code\u003e\u003c/a\u003e ci: drop EOL Node.js 14.x/16.x, add 22.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/b464efcf4238d92590245b4d211d2fc05a94d28a\"\u003e\u003ccode\u003eb464efc\u003c/code\u003e\u003c/a\u003e Update CI: modern Node versions, fix macOS ARM64 compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/a1e5e2d784bcd1c65e49fac1524c6c94fe81f871\"\u003e\u003ccode\u003ea1e5e2d\u003c/code\u003e\u003c/a\u003e Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/TooTallNate/once/compare/2.0.0...v2.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​tootallnate/once\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 1.10.2 to 1.10.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/cfe8f0437054ff5fbfe6499894f55b3316a54959\"\u003e\u003ccode\u003ecfe8f04\u003c/code\u003e\u003c/a\u003e 1.10.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/7abcf45dd63f0bc626890ad9a8cdeb397f92be73\"\u003e\u003ccode\u003e7abcf45\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during CST composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a0252f8b056f49875d1b79edb8709cff7d7d0dc6\"\u003e\u003ccode\u003ea0252f8\u003c/code\u003e\u003c/a\u003e chore: Add rules avoiding processing of tests/json-test-suite\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a5e83b05f7124c31b4784b613f0c669959a5ed48\"\u003e\u003ccode\u003ea5e83b0\u003c/code\u003e\u003c/a\u003e style: Apply updates Prettier rules\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/b8ddca0a5d4794a3c60f252d3513e6ff7068fdf0\"\u003e\u003ccode\u003eb8ddca0\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/395f892ec9a26b9038c8db388b675c3281ab8cd3\"\u003e\u003ccode\u003e395f892\u003c/code\u003e\u003c/a\u003e ci: Use a different (working) submodule checkout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6fd272052751775e48196024d4bed639cc1e0350\"\u003e\u003ccode\u003e6fd2720\u003c/code\u003e\u003c/a\u003e test-events: Add {} and [] indicators to flow maps \u0026amp; sequences\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eemeli/yaml/compare/v1.10.2...v1.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.0.1 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: remove master branch support by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/126\"\u003efastify/fast-uri#126\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(test) remove .gitkeep by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/128\"\u003efastify/fast-uri#128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): set job permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/129\"\u003efastify/fast-uri#129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: set permissions at workflow level by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/131\"\u003efastify/fast-uri#131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: set workflow permissions to read-only by default by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/132\"\u003efastify/fast-uri#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): restore job level permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/133\"\u003efastify/fast-uri#133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.31.2 to 0.32.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/134\"\u003efastify/fast-uri#134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): pin actions to commit-hash by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/135\"\u003efastify/fast-uri#135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add node 24 to test matrix by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/136\"\u003efastify/fast-uri#136\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.0.1...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-xml-parser` from 4.5.0 to 4.5.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/releases\"\u003efast-xml-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eSummary update on all the previous releases from v4.2.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMultiple minor fixes provided in the validator and parser\u003c/li\u003e\n\u003cli\u003ev6 is added for experimental use.\u003c/li\u003e\n\u003cli\u003eignoreAttributes support function, and array of string or regex\u003c/li\u003e\n\u003cli\u003eAdd support for parsing HTML numeric entities\u003c/li\u003e\n\u003cli\u003ev5 of the application is ESM module now. However, JS is also supported\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e: Release section in not updated frequently. Please check \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md\"\u003eCHANGELOG\u003c/a\u003e or \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/tags\"\u003eTags\u003c/a\u003e for latest release information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/42fbb0bc95e753e03fe52cb0805a8774bba4bf28\"\u003e\u003ccode\u003e42fbb0b\u003c/code\u003e\u003c/a\u003e update release info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/805671cb6c19108b171b876cf3e8865f18cdb8fd\"\u003e\u003ccode\u003e805671c\u003c/code\u003e\u003c/a\u003e increase expansion limit as many system need it\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/9a2cf097c2961d4ad878f618e39fb0a9f5a0e9e5\"\u003e\u003ccode\u003e9a2cf09\u003c/code\u003e\u003c/a\u003e update version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/88d0936a23dabe51bfbf42255e2ce912dfee2221\"\u003e\u003ccode\u003e88d0936\u003c/code\u003e\u003c/a\u003e apply all fixes from v5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/d4eb6b4713a8d11e6730943392419040898ecbc0\"\u003e\u003ccode\u003ed4eb6b4\u003c/code\u003e\u003c/a\u003e update release version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/b1b9f633ff30cb4708337355c2789f08bc0558d2\"\u003e\u003ccode\u003eb1b9f63\u003c/code\u003e\u003c/a\u003e update release info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/faccca126e1db96b90084adda6fbe2ea2ed434e7\"\u003e\u003ccode\u003efaccca1\u003c/code\u003e\u003c/a\u003e sync with v5.3.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/ab00cdc49c681b44effbe95d6ee4392616a74aaa\"\u003e\u003ccode\u003eab00cdc\u003c/code\u003e\u003c/a\u003e update package bundle for minor fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/57c61876b47be10616ba47da904c8add26efcb58\"\u003e\u003ccode\u003e57c6187\u003c/code\u003e\u003c/a\u003e Update ReadMe\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/caeda37ebd919c799bf06ccf2f80d1e90e99d474\"\u003e\u003ccode\u003ecaeda37\u003c/code\u003e\u003c/a\u003e fix: emit full JSON string from CLI when no output filename specified (\u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/710\"\u003e#710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/v4.5.0...v4.5.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.1 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.1...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.9 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.9...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.8 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb\"\u003e\u003ccode\u003edce542c\u003c/code\u003e\u003c/a\u003e v4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562\"\u003e\u003ccode\u003e8a41389\u003c/code\u003e\u003c/a\u003e Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2\"\u003e\u003ccode\u003e68d8df5\u003c/code\u003e\u003c/a\u003e Fix security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328\"\u003e\u003ccode\u003eb2a0831\u003c/code\u003e\u003c/a\u003e Fix browser tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12\"\u003e\u003ccode\u003e9f98c16\u003c/code\u003e\u003c/a\u003e Fix release script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9\"\u003e\u003ccode\u003e45443b4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Improve partial indenting performance\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e\"\u003e\u003ccode\u003e8841a5f\u003c/code\u003e\u003c/a\u003e Fix CI errors with linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709\"\u003e\u003ccode\u003ee0137c2\u003c/code\u003e\u003c/a\u003e fix: enable shell mode for spawn to resolve Windows EINVAL issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7\"\u003e\u003ccode\u003ee914d60\u003c/code\u003e\u003c/a\u003e Improve rendering performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd\"\u003e\u003ccode\u003e7de4b41\u003c/code\u003e\u003c/a\u003e Upgrade GitHub Actions checkout and setup-node on 4.x branch\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jws` from 3.2.2 to 3.2.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/brianloveswords/node-jws/releases\"\u003ejws's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.3\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require\nthat a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)\nwhen using HMAC algorithms.\u003c/li\u003e\n\u003cli\u003eUpgrading JWA version to 1.4.2, addressing a compatibility issue for Node \u0026gt;= 25.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/auth0/node-jws/blob/master/CHANGELOG.md\"\u003ejws's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.3]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require\nthat a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)\nwhen using HMAC algorithms.\u003c/li\u003e\n\u003cli\u003eUpgrading JWA version to 1.4.2, adressing a compatibility issue f...\n\n_Description has been truncated_","html_url":"https://github.com/theinsightcentre/generative-ai-google/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/theinsightcentre%2Fgenerative-ai-google/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"},{"uuid":"4528633867","node_id":"PR_kwDOC8MFD87fof8U","number":6352,"state":"open","title":"chore(deps): bump the minor-security group across 2 directories with 4 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-27T01:07:43.000Z","updated_at":"2026-05-27T01:11:01.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"minor-security","update_count":4,"packages":[{"name":"webpack","old_version":"5.98.0","new_version":"5.104.1","repository_url":"https://github.com/webpack/webpack"},{"name":"jws","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"markdown-it","old_version":"14.1.0","new_version":"14.2.0","repository_url":"https://github.com/markdown-it/markdown-it"},{"name":"webpack","old_version":"5.98.0","new_version":"5.104.1","repository_url":"https://github.com/webpack/webpack"},{"name":"validator","old_version":"13.9.0","new_version":"13.15.35","repository_url":"https://github.com/validatorjs/validator.js"}],"path":null,"ecosystem":"npm"},"body":"Bumps the minor-security group with 3 updates in the / directory: [webpack](https://github.com/webpack/webpack), [jws](https://github.com/brianloveswords/node-jws) and [markdown-it](https://github.com/markdown-it/markdown-it).\nBumps the minor-security group with 2 updates in the /api directory: [webpack](https://github.com/webpack/webpack) and [validator](https://github.com/validatorjs/validator.js).\n\nUpdates `webpack` from 5.98.0 to 5.104.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/releases\"\u003ewebpack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.104.1\u003c/h2\u003e\n\u003ch2\u003e5.104.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2efd21b: Reexports runtime calculation should not accessing \u003cstrong\u003eWEBPACK_IMPORT_KEY\u003c/strong\u003e decl with var.\u003c/li\u003e\n\u003cli\u003ec510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.104.0\u003c/h2\u003e\n\u003ch2\u003e5.104.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed3dd841: Use method shorthand to render module content in \u003ccode\u003e__webpack_modules__\u003c/code\u003e object.\u003c/li\u003e\n\u003cli\u003ed3dd841: Enhance \u003ccode\u003eimport.meta.env\u003c/code\u003e to support object access.\u003c/li\u003e\n\u003cli\u003e4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.\u003c/li\u003e\n\u003cli\u003e04cd530: Handle more at-rules for CSS modules.\u003c/li\u003e\n\u003cli\u003ecafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added \u003ccode\u003ebase64url\u003c/code\u003e, \u003ccode\u003ebase62\u003c/code\u003e, \u003ccode\u003ebase58\u003c/code\u003e, \u003ccode\u003ebase52\u003c/code\u003e, \u003ccode\u003ebase49\u003c/code\u003e, \u003ccode\u003ebase36\u003c/code\u003e, \u003ccode\u003ebase32\u003c/code\u003e and \u003ccode\u003ebase25\u003c/code\u003e digests.\u003c/li\u003e\n\u003cli\u003e5983843: Provide a stable runtime function variable \u003ccode\u003e__webpack_global__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Improved \u003ccode\u003elocalIdentName\u003c/code\u003e hashing for CSS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e22c48fb: Added module existence check for informative error message in development mode.\u003c/li\u003e\n\u003cli\u003e50689e1: Use the fully qualified class name (or export name) for \u003ccode\u003e[fullhash]\u003c/code\u003e placeholder in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Support universal lazy compilation.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed module library export definitions when multiple runtimes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed CSS nesting and CSS custom properties parsing.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't write fragment from URL to filename and apply fragment to module URL.\u003c/li\u003e\n\u003cli\u003eaab1da9: Fixed bugs for \u003ccode\u003ecss/global\u003c/code\u003e type.\u003c/li\u003e\n\u003cli\u003ed3dd841: Compatibility \u003ccode\u003eimport.meta.filename\u003c/code\u003e and \u003ccode\u003eimport.meta.dirname\u003c/code\u003e with \u003ccode\u003eeval\u003c/code\u003e devtools.\u003c/li\u003e\n\u003cli\u003ed3dd841: Handle nested \u003ccode\u003e__webpack_require__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e728ddb7: The speed of identifier parsing has been improved.\u003c/li\u003e\n\u003cli\u003e0f8b31b: Improve types.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't corrupt \u003ccode\u003edebugId\u003c/code\u003e injection when \u003ccode\u003ehidden-source-map\u003c/code\u003e is used.\u003c/li\u003e\n\u003cli\u003e2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Serialize \u003ccode\u003eHookWebpackError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added ability to use built-in properties in dotenv and define plugin.\u003c/li\u003e\n\u003cli\u003e3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.\u003c/li\u003e\n\u003cli\u003ed3dd841: Reduce collision for local indent name in CSS.\u003c/li\u003e\n\u003cli\u003ed3dd841: Remove CSS link tags when CSS imports are removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.103.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eDotenvPlugin\u003c/code\u003e and top level \u003ccode\u003edotenv\u003c/code\u003e option to enable this plugin\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eWebpackManifestPlugin\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdded support the \u003ccode\u003eignoreList\u003c/code\u003e option in devtool plugins\u003c/li\u003e\n\u003cli\u003eAllow to use custom javascript parse function\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/blob/main/CHANGELOG.md\"\u003ewebpack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.104.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2efd21b: Reexports runtime calculation should not accessing \u003cstrong\u003eWEBPACK_IMPORT_KEY\u003c/strong\u003e decl with var.\u003c/li\u003e\n\u003cli\u003ec510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.104.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed3dd841: Use method shorthand to render module content in \u003ccode\u003e__webpack_modules__\u003c/code\u003e object.\u003c/li\u003e\n\u003cli\u003ed3dd841: Enhance \u003ccode\u003eimport.meta.env\u003c/code\u003e to support object access.\u003c/li\u003e\n\u003cli\u003e4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.\u003c/li\u003e\n\u003cli\u003e04cd530: Handle more at-rules for CSS modules.\u003c/li\u003e\n\u003cli\u003ecafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added \u003ccode\u003ebase64url\u003c/code\u003e, \u003ccode\u003ebase62\u003c/code\u003e, \u003ccode\u003ebase58\u003c/code\u003e, \u003ccode\u003ebase52\u003c/code\u003e, \u003ccode\u003ebase49\u003c/code\u003e, \u003ccode\u003ebase36\u003c/code\u003e, \u003ccode\u003ebase32\u003c/code\u003e and \u003ccode\u003ebase25\u003c/code\u003e digests.\u003c/li\u003e\n\u003cli\u003e5983843: Provide a stable runtime function variable \u003ccode\u003e__webpack_global__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Improved \u003ccode\u003elocalIdentName\u003c/code\u003e hashing for CSS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e22c48fb: Added module existence check for informative error message in development mode.\u003c/li\u003e\n\u003cli\u003e50689e1: Use the fully qualified class name (or export name) for \u003ccode\u003e[fullhash]\u003c/code\u003e placeholder in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Support universal lazy compilation.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed module library export definitions when multiple runtimes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed CSS nesting and CSS custom properties parsing.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't write fragment from URL to filename and apply fragment to module URL.\u003c/li\u003e\n\u003cli\u003eaab1da9: Fixed bugs for \u003ccode\u003ecss/global\u003c/code\u003e type.\u003c/li\u003e\n\u003cli\u003ed3dd841: Compatibility \u003ccode\u003eimport.meta.filename\u003c/code\u003e and \u003ccode\u003eimport.meta.dirname\u003c/code\u003e with \u003ccode\u003eeval\u003c/code\u003e devtools.\u003c/li\u003e\n\u003cli\u003ed3dd841: Handle nested \u003ccode\u003e__webpack_require__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e728ddb7: The speed of identifier parsing has been improved.\u003c/li\u003e\n\u003cli\u003e0f8b31b: Improve types.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't corrupt \u003ccode\u003edebugId\u003c/code\u003e injection when \u003ccode\u003ehidden-source-map\u003c/code\u003e is used.\u003c/li\u003e\n\u003cli\u003e2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Serialize \u003ccode\u003eHookWebpackError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added ability to use built-in properties in dotenv and define plugin.\u003c/li\u003e\n\u003cli\u003e3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.\u003c/li\u003e\n\u003cli\u003ed3dd841: Reduce collision for local indent name in CSS.\u003c/li\u003e\n\u003cli\u003ed3dd841: Remove CSS link tags when CSS imports are removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/24e3c2d2c9f8c6d60810302b2ea70ed86e2863dc\"\u003e\u003ccode\u003e24e3c2d\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20253\"\u003e#20253\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/2efd21b0b06baa9b1a7f009b336379dcef24c1a5\"\u003e\u003ccode\u003e2efd21b\u003c/code\u003e\u003c/a\u003e fix(re-exports): reexports runtime calculation should not accessing `__WEBPAC...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/c5100702335a9cdcb75558ccd80def2329bd4abf\"\u003e\u003ccode\u003ec510070\u003c/code\u003e\u003c/a\u003e fix(security): userinfo bypass vulnerability in HttpUriPlugin allowedUris\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/4b0501c69700963bad1285b56f9cfa74704cb963\"\u003e\u003ccode\u003e4b0501c\u003c/code\u003e\u003c/a\u003e ci: fix release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20252\"\u003e#20252\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/0c213cecf2906bc41102c3a4cfdd1ad3522d0171\"\u003e\u003ccode\u003e0c213ce\u003c/code\u003e\u003c/a\u003e ci: use \u003ccode\u003e\\\u0026lt;@\u0026amp;1450591255485743204\u0026gt;\u003c/code\u003e over \u003ccode\u003e@here\u003c/code\u003e for discord notificationw\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/5bf8bc51bcfb49d25b73aae450b246cd8b8b423a\"\u003e\u003ccode\u003e5bf8bc5\u003c/code\u003e\u003c/a\u003e refactor: types for benchmarks and tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/505a5e744fbcf4471ddb534bf1d4aebea9643c1b\"\u003e\u003ccode\u003e505a5e7\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20188\"\u003e#20188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/0c066808d59e4f9406e11bab4ffa2e0feacbd0e2\"\u003e\u003ccode\u003e0c06680\u003c/code\u003e\u003c/a\u003e refactor: update eslint configuration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/2eb0d6a410513960bd7d65bf15baf15704a612eb\"\u003e\u003ccode\u003e2eb0d6a\u003c/code\u003e\u003c/a\u003e ci: release announcement (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20238\"\u003e#20238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/b2b24590a08755b706d2009ca97a226addf9e83b\"\u003e\u003ccode\u003eb2b2459\u003c/code\u003e\u003c/a\u003e ci: cancel in progress (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20239\"\u003e#20239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack/compare/v5.98.0...v5.104.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jws` from 4.0.0 to 4.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/brianloveswords/node-jws/releases\"\u003ejws's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.1\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require\nthat a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)\nwhen using HMAC algorithms.\u003c/li\u003e\n\u003cli\u003eUpgrading JWA version to 2.0.1, addressing a compatibility issue for Node \u0026gt;= 25.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/auth0/node-jws/blob/master/CHANGELOG.md\"\u003ejws's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[4.0.1]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require\nthat a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)\nwhen using HMAC algorithms.\u003c/li\u003e\n\u003cli\u003eUpgrading JWA version to 2.0.1, adressing a compatibility issue for Node \u0026gt;= 25.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.3]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require\nthat a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)\nwhen using HMAC algorithms.\u003c/li\u003e\n\u003cli\u003eUpgrading JWA version to 1.4.2, adressing a compatibility issue for Node \u0026gt;= 25.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.0.0]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBREAKING\u003c/strong\u003e: \u003ccode\u003ejwt.verify\u003c/code\u003e now requires an \u003ccode\u003ealgorithm\u003c/code\u003e parameter, and\n\u003ccode\u003ejws.createVerify\u003c/code\u003e requires an \u003ccode\u003ealgorithm\u003c/code\u003e option. The \u003ccode\u003e\u0026quot;alg\u0026quot;\u003c/code\u003e field\nsignature headers is ignored. This mitigates a critical security flaw\nin the library which would allow an attacker to generate signatures with\narbitrary contents that would be accepted by \u003ccode\u003ejwt.verify\u003c/code\u003e. See\n\u003ca href=\"https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/\"\u003ehttps://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/\u003c/a\u003e\nfor details.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/compare/v1.0.1...v2.0.0\"\u003e2.0.0\u003c/a\u003e - 2015-01-30\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBREAKING\u003c/strong\u003e: Default payload encoding changed from \u003ccode\u003ebinary\u003c/code\u003e to\n\u003ccode\u003eutf8\u003c/code\u003e. \u003ccode\u003eutf8\u003c/code\u003e is a is a more sensible default than \u003ccode\u003ebinary\u003c/code\u003e because\nmany payloads, as far as I can tell, will contain user-facing\nstrings that could be in any language. (\u003c!-- raw HTML omitted --\u003e[6b6de48]\u003c!-- raw HTML omitted --\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCode reorganization, thanks [\u003ca href=\"https://github.com/fearphage\"\u003e\u003ccode\u003e@​fearphage\u003c/code\u003e\u003c/a\u003e]! (\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/commit/7880050\"\u003e7880050\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOption in all relevant methods for \u003ccode\u003eencoding\u003c/code\u003e. For those few users\nthat might be depending on a \u003ccode\u003ebinary\u003c/code\u003e encoding of the messages, this\nis for them. (\u003c!-- raw HTML omitted --\u003e[6b6de48]\u003c!-- raw HTML omitted --\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e\"\u003e\u003ccode\u003e34c45b2\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/49bc39b1f5509a630e0c6849527d8bc66b29ddf5\"\u003e\u003ccode\u003e49bc39b\u003c/code\u003e\u003c/a\u003e version 4.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/d42350ccab74db06c95f2279d1674d7d6a1692f4\"\u003e\u003ccode\u003ed42350c\u003c/code\u003e\u003c/a\u003e Enhance tests for HMAC streaming sign and verify\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/5cb007cf826c70f178c9975d31e949adff75e61b\"\u003e\u003ccode\u003e5cb007c\u003c/code\u003e\u003c/a\u003e Improve secretOrKey initialization in VerifyStream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/f9a2e1c8c61ed80d1aa97f03ec32ccb920cf51cb\"\u003e\u003ccode\u003ef9a2e1c\u003c/code\u003e\u003c/a\u003e Improve secret handling in SignStream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/b9fb8d30e9c009ade6379f308590f1b0703eefc3\"\u003e\u003ccode\u003eb9fb8d3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/brianloveswords/node-jws/issues/102\"\u003e#102\u003c/a\u003e from auth0/SRE-57-Upload-opslevel-yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/95b75ee56c64d4f8c09c70e9e9662d813bab5685\"\u003e\u003ccode\u003e95b75ee\u003c/code\u003e\u003c/a\u003e Upload OpsLevel YAML\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/8857ee77623104e5cf9955932165ddf9cea1b72c\"\u003e\u003ccode\u003e8857ee7\u003c/code\u003e\u003c/a\u003e test: remove unused variable (\u003ca href=\"https://redirect.github.com/brianloveswords/node-jws/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/brianloveswords/node-jws/compare/v4.0.0...v4.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~julien.wollscheid\"\u003ejulien.wollscheid\u003c/a\u003e, a new releaser for jws since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `markdown-it` from 14.1.0 to 14.2.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md\"\u003emarkdown-it's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[14.2.0] - 2026-05-24\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eisPunctCharCode\u003c/code\u003e to utilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't end HTML comment blocks on a blank line, \u003ca href=\"https://redirect.github.com/markdown-it/markdown-it/issues/1155\"\u003e#1155\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProperly recognize astral chars (surrogates) in delimiter scans for\nemphasis-like markers, \u003ca href=\"https://redirect.github.com/markdown-it/markdown-it/issues/1072\"\u003e#1072\u003c/a\u003e. Big thanks to \u003ca href=\"https://github.com/tats-u\"\u003e\u003ccode\u003e@​tats-u\u003c/code\u003e\u003c/a\u003e for his global efforts\nwith improving CJK support.\u003c/li\u003e\n\u003cli\u003ePreserve unicode whitespaces when trimm headings/paragraphs, \u003ca href=\"https://redirect.github.com/markdown-it/markdown-it/issues/1074\"\u003e#1074\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eMore strict entities decode to avoid false positives \u003ccode\u003e;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/markdown-it/markdown-it/issues/1096\"\u003e#1096\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRestore block parser state on fail in \u003ccode\u003elheading\u003c/code\u003e rule, \u003ca href=\"https://redirect.github.com/markdown-it/markdown-it/issues/1131\"\u003e#1131\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed poor smartquotes perfomance on \u0026gt; 70k quotes in single block\u003c/li\u003e\n\u003cli\u003eBumped linkify-it to 5.0.1 with fixed potential perfomance issues.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[14.1.1] - 2026-01-11\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed regression from v13 in linkify inline rule. Specific patterns could\ncause high CPU use. Thanks to \u003ca href=\"https://github.com/ltduc147\"\u003e\u003ccode\u003e@​ltduc147\u003c/code\u003e\u003c/a\u003e for report.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/829797aa00353ce0b62ddeb9b4583b837b1ffd9b\"\u003e\u003ccode\u003e829797a\u003c/code\u003e\u003c/a\u003e 14.2.0 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/9ce2087562c45d1e5ddd9f76b990f4b3fbe040e5\"\u003e\u003ccode\u003e9ce2087\u003c/code\u003e\u003c/a\u003e Fix smartquotes perfomance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/02e73b88fdbaddf7ecee7e567a3da62b98e57a4d\"\u003e\u003ccode\u003e02e73b8\u003c/code\u003e\u003c/a\u003e linkify-it bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/68cfb8c0792ba87992d21ffb4d22ee6cf635afb7\"\u003e\u003ccode\u003e68cfb8c\u003c/code\u003e\u003c/a\u003e fix: don't end HTML comment blocks on a blank line (\u003ca href=\"https://redirect.github.com/markdown-it/markdown-it/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/108313756cfffba31166df0140e27dd58e4da115\"\u003e\u003ccode\u003e1083137\u003c/code\u003e\u003c/a\u003e Readme cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/97c7ca2571f4255ff1d0f465958dda5293d20fe8\"\u003e\u003ccode\u003e97c7ca2\u003c/code\u003e\u003c/a\u003e Update funding info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/c471b55c10501aba7b62817df613adc5f451da43\"\u003e\u003ccode\u003ec471b55\u003c/code\u003e\u003c/a\u003e Changelog update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/77696210d1c7c56e4ffd49ff28ba15b460cb01e4\"\u003e\u003ccode\u003e7769621\u003c/code\u003e\u003c/a\u003e isPunctChar =\u0026gt; isPunctCharCode\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/aa2aa70b3001ed6aea67c22f1ff52e1ca158d2e1\"\u003e\u003ccode\u003eaa2aa70\u003c/code\u003e\u003c/a\u003e fix: always reset parentType in lheading rule (\u003ca href=\"https://redirect.github.com/markdown-it/markdown-it/issues/1131\"\u003e#1131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/59955f2ad35cbb0e3f41ad779c7363a94b4bf38e\"\u003e\u003ccode\u003e59955f2\u003c/code\u003e\u003c/a\u003e Polish PRs \u003ca href=\"https://redirect.github.com/markdown-it/markdown-it/issues/1072\"\u003e#1072\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/markdown-it/markdown-it/issues/1074\"\u003e#1074\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/markdown-it/markdown-it/compare/14.1.0...14.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack` from 5.98.0 to 5.104.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/releases\"\u003ewebpack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.104.1\u003c/h2\u003e\n\u003ch2\u003e5.104.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2efd21b: Reexports runtime calculation should not accessing \u003cstrong\u003eWEBPACK_IMPORT_KEY\u003c/strong\u003e decl with var.\u003c/li\u003e\n\u003cli\u003ec510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.104.0\u003c/h2\u003e\n\u003ch2\u003e5.104.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed3dd841: Use method shorthand to render module content in \u003ccode\u003e__webpack_modules__\u003c/code\u003e object.\u003c/li\u003e\n\u003cli\u003ed3dd841: Enhance \u003ccode\u003eimport.meta.env\u003c/code\u003e to support object access.\u003c/li\u003e\n\u003cli\u003e4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.\u003c/li\u003e\n\u003cli\u003e04cd530: Handle more at-rules for CSS modules.\u003c/li\u003e\n\u003cli\u003ecafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added \u003ccode\u003ebase64url\u003c/code\u003e, \u003ccode\u003ebase62\u003c/code\u003e, \u003ccode\u003ebase58\u003c/code\u003e, \u003ccode\u003ebase52\u003c/code\u003e, \u003ccode\u003ebase49\u003c/code\u003e, \u003ccode\u003ebase36\u003c/code\u003e, \u003ccode\u003ebase32\u003c/code\u003e and \u003ccode\u003ebase25\u003c/code\u003e digests.\u003c/li\u003e\n\u003cli\u003e5983843: Provide a stable runtime function variable \u003ccode\u003e__webpack_global__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Improved \u003ccode\u003elocalIdentName\u003c/code\u003e hashing for CSS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e22c48fb: Added module existence check for informative error message in development mode.\u003c/li\u003e\n\u003cli\u003e50689e1: Use the fully qualified class name (or export name) for \u003ccode\u003e[fullhash]\u003c/code\u003e placeholder in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Support universal lazy compilation.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed module library export definitions when multiple runtimes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed CSS nesting and CSS custom properties parsing.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't write fragment from URL to filename and apply fragment to module URL.\u003c/li\u003e\n\u003cli\u003eaab1da9: Fixed bugs for \u003ccode\u003ecss/global\u003c/code\u003e type.\u003c/li\u003e\n\u003cli\u003ed3dd841: Compatibility \u003ccode\u003eimport.meta.filename\u003c/code\u003e and \u003ccode\u003eimport.meta.dirname\u003c/code\u003e with \u003ccode\u003eeval\u003c/code\u003e devtools.\u003c/li\u003e\n\u003cli\u003ed3dd841: Handle nested \u003ccode\u003e__webpack_require__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e728ddb7: The speed of identifier parsing has been improved.\u003c/li\u003e\n\u003cli\u003e0f8b31b: Improve types.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't corrupt \u003ccode\u003edebugId\u003c/code\u003e injection when \u003ccode\u003ehidden-source-map\u003c/code\u003e is used.\u003c/li\u003e\n\u003cli\u003e2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Serialize \u003ccode\u003eHookWebpackError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added ability to use built-in properties in dotenv and define plugin.\u003c/li\u003e\n\u003cli\u003e3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.\u003c/li\u003e\n\u003cli\u003ed3dd841: Reduce collision for local indent name in CSS.\u003c/li\u003e\n\u003cli\u003ed3dd841: Remove CSS link tags when CSS imports are removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.103.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eDotenvPlugin\u003c/code\u003e and top level \u003ccode\u003edotenv\u003c/code\u003e option to enable this plugin\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eWebpackManifestPlugin\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdded support the \u003ccode\u003eignoreList\u003c/code\u003e option in devtool plugins\u003c/li\u003e\n\u003cli\u003eAllow to use custom javascript parse function\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/blob/main/CHANGELOG.md\"\u003ewebpack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.104.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2efd21b: Reexports runtime calculation should not accessing \u003cstrong\u003eWEBPACK_IMPORT_KEY\u003c/strong\u003e decl with var.\u003c/li\u003e\n\u003cli\u003ec510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.104.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed3dd841: Use method shorthand to render module content in \u003ccode\u003e__webpack_modules__\u003c/code\u003e object.\u003c/li\u003e\n\u003cli\u003ed3dd841: Enhance \u003ccode\u003eimport.meta.env\u003c/code\u003e to support object access.\u003c/li\u003e\n\u003cli\u003e4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.\u003c/li\u003e\n\u003cli\u003e04cd530: Handle more at-rules for CSS modules.\u003c/li\u003e\n\u003cli\u003ecafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added \u003ccode\u003ebase64url\u003c/code\u003e, \u003ccode\u003ebase62\u003c/code\u003e, \u003ccode\u003ebase58\u003c/code\u003e, \u003ccode\u003ebase52\u003c/code\u003e, \u003ccode\u003ebase49\u003c/code\u003e, \u003ccode\u003ebase36\u003c/code\u003e, \u003ccode\u003ebase32\u003c/code\u003e and \u003ccode\u003ebase25\u003c/code\u003e digests.\u003c/li\u003e\n\u003cli\u003e5983843: Provide a stable runtime function variable \u003ccode\u003e__webpack_global__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Improved \u003ccode\u003elocalIdentName\u003c/code\u003e hashing for CSS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e22c48fb: Added module existence check for informative error message in development mode.\u003c/li\u003e\n\u003cli\u003e50689e1: Use the fully qualified class name (or export name) for \u003ccode\u003e[fullhash]\u003c/code\u003e placeholder in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Support universal lazy compilation.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed module library export definitions when multiple runtimes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed CSS nesting and CSS custom properties parsing.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't write fragment from URL to filename and apply fragment to module URL.\u003c/li\u003e\n\u003cli\u003eaab1da9: Fixed bugs for \u003ccode\u003ecss/global\u003c/code\u003e type.\u003c/li\u003e\n\u003cli\u003ed3dd841: Compatibility \u003ccode\u003eimport.meta.filename\u003c/code\u003e and \u003ccode\u003eimport.meta.dirname\u003c/code\u003e with \u003ccode\u003eeval\u003c/code\u003e devtools.\u003c/li\u003e\n\u003cli\u003ed3dd841: Handle nested \u003ccode\u003e__webpack_require__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e728ddb7: The speed of identifier parsing has been improved.\u003c/li\u003e\n\u003cli\u003e0f8b31b: Improve types.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't corrupt \u003ccode\u003edebugId\u003c/code\u003e injection when \u003ccode\u003ehidden-source-map\u003c/code\u003e is used.\u003c/li\u003e\n\u003cli\u003e2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Serialize \u003ccode\u003eHookWebpackError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added ability to use built-in properties in dotenv and define plugin.\u003c/li\u003e\n\u003cli\u003e3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.\u003c/li\u003e\n\u003cli\u003ed3dd841: Reduce collision for local indent name in CSS.\u003c/li\u003e\n\u003cli\u003ed3dd841: Remove CSS link tags when CSS imports are removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/24e3c2d2c9f8c6d60810302b2ea70ed86e2863dc\"\u003e\u003ccode\u003e24e3c2d\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20253\"\u003e#20253\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/2efd21b0b06baa9b1a7f009b336379dcef24c1a5\"\u003e\u003ccode\u003e2efd21b\u003c/code\u003e\u003c/a\u003e fix(re-exports): reexports runtime calculation should not accessing `__WEBPAC...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/c5100702335a9cdcb75558ccd80def2329bd4abf\"\u003e\u003ccode\u003ec510070\u003c/code\u003e\u003c/a\u003e fix(security): userinfo bypass vulnerability in HttpUriPlugin allowedUris\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/4b0501c69700963bad1285b56f9cfa74704cb963\"\u003e\u003ccode\u003e4b0501c\u003c/code\u003e\u003c/a\u003e ci: fix release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20252\"\u003e#20252\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/0c213cecf2906bc41102c3a4cfdd1ad3522d0171\"\u003e\u003ccode\u003e0c213ce\u003c/code\u003e\u003c/a\u003e ci: use \u003ccode\u003e\\\u0026lt;@\u0026amp;1450591255485743204\u0026gt;\u003c/code\u003e over \u003ccode\u003e@here\u003c/code\u003e for discord notificationw\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/5bf8bc51bcfb49d25b73aae450b246cd8b8b423a\"\u003e\u003ccode\u003e5bf8bc5\u003c/code\u003e\u003c/a\u003e refactor: types for benchmarks and tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/505a5e744fbcf4471ddb534bf1d4aebea9643c1b\"\u003e\u003ccode\u003e505a5e7\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20188\"\u003e#20188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/0c066808d59e4f9406e11bab4ffa2e0feacbd0e2\"\u003e\u003ccode\u003e0c06680\u003c/code\u003e\u003c/a\u003e refactor: update eslint configuration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/2eb0d6a410513960bd7d65bf15baf15704a612eb\"\u003e\u003ccode\u003e2eb0d6a\u003c/code\u003e\u003c/a\u003e ci: release announcement (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20238\"\u003e#20238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/b2b24590a08755b706d2009ca97a226addf9e83b\"\u003e\u003ccode\u003eb2b2459\u003c/code\u003e\u003c/a\u003e ci: cancel in progress (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20239\"\u003e#20239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack/compare/v5.98.0...v5.104.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `validator` from 13.9.0 to 13.15.35\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/validatorjs/validator.js/releases\"\u003evalidator's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e13.15.35\u003c/h2\u003e\n\u003ch3\u003eFixes, New Locales and Enhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2663\"\u003e#2663\u003c/a\u003e \u003ccode\u003eisISO31661Alpha2\u003c/code\u003e/\u003ccode\u003eisISO31661Alpha3\u003c/code\u003e: add support for Kosovo (\u003ccode\u003eXK\u003c/code\u003e / \u003ccode\u003eXXK\u003c/code\u003e) \u003ca href=\"https://github.com/johanpoirier-d4\"\u003e\u003ccode\u003e@​johanpoirier-d4\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2661\"\u003e#2661\u003c/a\u003e \u003ccode\u003eisHexColor\u003c/code\u003e: ignore non-object options \u003ca href=\"https://github.com/yuna0831\"\u003e\u003ccode\u003e@​yuna0831\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eisTaxID\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2644\"\u003e#2644\u003c/a\u003e improve \u003ccode\u003ept-BR\u003c/code\u003e locale by adding support for alphanumeric CNPJ format \u003ca href=\"https://github.com/easedu\"\u003e\u003ccode\u003e@​easedu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2675\"\u003e#2675\u003c/a\u003e improve \u003ccode\u003ept-BR\u003c/code\u003e locale by adding support for formatted CPF values \u003ca href=\"https://github.com/easedu\"\u003e\u003ccode\u003e@​easedu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2643\"\u003e#2643\u003c/a\u003e \u003ccode\u003eisPassportNumber\u003c/code\u003e: improve \u003ccode\u003eMX\u003c/code\u003e locale \u003ca href=\"https://github.com/jesroffrouk\"\u003e\u003ccode\u003e@​jesroffrouk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2676\"\u003e#2676\u003c/a\u003e \u003ccode\u003eisMobilePhone\u003c/code\u003e: add \u003ccode\u003efr-DJ\u003c/code\u003e locale \u003ca href=\"https://github.com/Kartikeya-guthub\"\u003e\u003ccode\u003e@​Kartikeya-guthub\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2682\"\u003e#2682\u003c/a\u003e \u003ccode\u003eisPostalCode\u003c/code\u003e: add \u003ccode\u003eMC\u003c/code\u003e locale \u003ca href=\"https://github.com/moogblob\"\u003e\u003ccode\u003e@​moogblob\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2690\"\u003e#2690\u003c/a\u003e \u003ccode\u003eisJSON\u003c/code\u003e: allow any valid JSON value to pass \u003ca href=\"https://github.com/relu91\"\u003e\u003ccode\u003e@​relu91\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2693\"\u003e#2693\u003c/a\u003e \u003ccode\u003eisSlug\u003c/code\u003e: restrict allowed characters to valid slug charset \u003ca href=\"https://github.com/Shrawak\"\u003e\u003ccode\u003e@​Shrawak\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDoc fixes and others:\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2658\"\u003e#2658\u003c/a\u003e \u003ca href=\"https://github.com/Manaskarthik28\"\u003e\u003ccode\u003e@​Manaskarthik28\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2592\"\u003e#2592\u003c/a\u003e \u003ca href=\"https://github.com/noritaka1166\"\u003e\u003ccode\u003e@​noritaka1166\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2591\"\u003e#2591\u003c/a\u003e \u003ca href=\"https://github.com/noritaka1166\"\u003e\u003ccode\u003e@​noritaka1166\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Manaskarthik28\"\u003e\u003ccode\u003e@​Manaskarthik28\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2658\"\u003evalidatorjs/validator.js#2658\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/johanpoirier-d4\"\u003e\u003ccode\u003e@​johanpoirier-d4\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2663\"\u003evalidatorjs/validator.js#2663\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yuna0831\"\u003e\u003ccode\u003e@​yuna0831\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2661\"\u003evalidatorjs/validator.js#2661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/easedu\"\u003e\u003ccode\u003e@​easedu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2644\"\u003evalidatorjs/validator.js#2644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jesroffrouk\"\u003e\u003ccode\u003e@​jesroffrouk\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2643\"\u003evalidatorjs/validator.js#2643\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kartikeya-guthub\"\u003e\u003ccode\u003e@​Kartikeya-guthub\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2676\"\u003evalidatorjs/validator.js#2676\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moogblob\"\u003e\u003ccode\u003e@​moogblob\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2682\"\u003evalidatorjs/validator.js#2682\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/noritaka1166\"\u003e\u003ccode\u003e@​noritaka1166\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2592\"\u003evalidatorjs/validator.js#2592\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/relu91\"\u003e\u003ccode\u003e@​relu91\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2690\"\u003evalidatorjs/validator.js#2690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shrawak\"\u003e\u003ccode\u003e@​Shrawak\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2693\"\u003evalidatorjs/validator.js#2693\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/validatorjs/validator.js/compare/13.15.26...13.15.35\"\u003ehttps://github.com/validatorjs/validator.js/compare/13.15.26...13.15.35\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e13.15.26\u003c/h2\u003e\n\u003ch3\u003eFixes, New Locales and Enhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2535\"\u003e#2535\u003c/a\u003e \u003ccode\u003eisHexColor\u003c/code\u003e: add \u003ccode\u003erequire_hashtag\u003c/code\u003e option \u003ca href=\"https://github.com/Numbers0689\"\u003e\u003ccode\u003e@​Numbers0689\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2633\"\u003e#2633\u003c/a\u003e \u003ccode\u003eisURL\u003c/code\u003e: handle possible bypass with URL-encoded content \u003ca href=\"https://github.com/WikiRik\"\u003e\u003ccode\u003e@​WikiRik\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2634\"\u003e#2634\u003c/a\u003e \u003ccode\u003eisIBAN\u003c/code\u003e: improve \u003ccode\u003eIR\u003c/code\u003e locale \u003ca href=\"https://github.com/ds1371dani\"\u003e\u003ccode\u003e@​ds1371dani\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDoc fixes and others:\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2640\"\u003e#2640\u003c/a\u003e \u003ca href=\"https://github.com/WikiRik\"\u003e\u003ccode\u003e@​WikiRik\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ds1371dani\"\u003e\u003ccode\u003e@​ds1371dani\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2634\"\u003evalidatorjs/validator.js#2634\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Numbers0689\"\u003e\u003ccode\u003e@​Numbers0689\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2535\"\u003evalidatorjs/validator.js#2535\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/validatorjs/validator.js/compare/13.15.23...13.15.26\"\u003ehttps://github.com/validatorjs/validator.js/compare/13.15.23...13.15.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e13.15.23\u003c/h2\u003e\n\u003ch3\u003eFixes, New Locales and Enhancements\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md\"\u003evalidator's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e13.15.35\u003c/h1\u003e\n\u003ch3\u003eFixes, New Locales and Enhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2663\"\u003e#2663\u003c/a\u003e \u003ccode\u003eisISO31661Alpha2\u003c/code\u003e/\u003ccode\u003eisISO31661Alpha3\u003c/code\u003e: add support for Kosovo (\u003ccode\u003eXK\u003c/code\u003e / \u003ccode\u003eXXK\u003c/code\u003e) \u003ca href=\"https://github.com/johanpoirier-d4\"\u003e\u003ccode\u003e@​johanpoirier-d4\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2661\"\u003e#2661\u003c/a\u003e \u003ccode\u003eisHexColor\u003c/code\u003e: ignore non-object options \u003ca href=\"https://github.com/yuna0831\"\u003e\u003ccode\u003e@​yuna0831\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eisTaxID\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2644\"\u003e#2644\u003c/a\u003e improve \u003ccode\u003ept-BR\u003c/code\u003e locale by adding support for alphanumeric CNPJ format \u003ca href=\"https://github.com/easedu\"\u003e\u003ccode\u003e@​easedu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2675\"\u003e#2675\u003c/a\u003e improve \u003ccode\u003ept-BR\u003c/code\u003e locale by adding support for formatted CPF values \u003ca href=\"https://github.com/easedu\"\u003e\u003ccode\u003e@​easedu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2643\"\u003e#2643\u003c/a\u003e \u003ccode\u003eisPassportNumber\u003c/code\u003e: improve \u003ccode\u003eMX\u003c/code\u003e locale \u003ca href=\"https://github.com/jesroffrouk\"\u003e\u003ccode\u003e@​jesroffrouk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2676\"\u003e#2676\u003c/a\u003e \u003ccode\u003eisMobilePhone\u003c/code\u003e: add \u003ccode\u003efr-DJ\u003c/code\u003e locale \u003ca href=\"https://github.com/Kartikeya-guthub\"\u003e\u003ccode\u003e@​Kartikeya-guthub\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2682\"\u003e#2682\u003c/a\u003e \u003ccode\u003eisPostalCode\u003c/code\u003e: add \u003ccode\u003eMC\u003c/code\u003e locale \u003ca href=\"https://github.com/moogblob\"\u003e\u003ccode\u003e@​moogblob\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2690\"\u003e#2690\u003c/a\u003e \u003ccode\u003eisJSON\u003c/code\u003e: allow any valid JSON value to pass \u003ca href=\"https://github.com/relu91\"\u003e\u003ccode\u003e@​relu91\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2693\"\u003e#2693\u003c/a\u003e \u003ccode\u003eisSlug\u003c/code\u003e: restrict allowed characters to valid slug charset \u003ca href=\"https://github.com/Shrawak\"\u003e\u003ccode\u003e@​Shrawak\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDoc fixes and others:\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2658\"\u003e#2658\u003c/a\u003e \u003ca href=\"https://github.com/Manaskarthik28\"\u003e\u003ccode\u003e@​Manaskarthik28\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2592\"\u003e#2592\u003c/a\u003e \u003ca href=\"https://github.com/noritaka1166\"\u003e\u003ccode\u003e@​noritaka1166\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2591\"\u003e#2591\u003c/a\u003e \u003ca href=\"https://github.com/noritaka1166\"\u003e\u003ccode\u003e@​noritaka1166\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e13.15.26\u003c/h1\u003e\n\u003ch3\u003eFixes, New Locales and Enhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2535\"\u003e#2535\u003c/a\u003e \u003ccode\u003eisHexColor\u003c/code\u003e: add \u003ccode\u003erequire_hashtag\u003c/code\u003e option \u003ca href=\"https://github.com/Numbers0689\"\u003e\u003ccode\u003e@​Numbers0689\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2633\"\u003e#2633\u003c/a\u003e \u003ccode\u003eisURL\u003c/code\u003e: handle possible bypass with URL-encoded content \u003ca href=\"https://github.com/WikiRik\"\u003e\u003ccode\u003e@​WikiRik\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2634\"\u003e#2634\u003c/a\u003e \u003ccode\u003eisIBAN\u003c/code\u003e: improve \u003ccode\u003eIR\u003c/code\u003e locale \u003ca href=\"https://github.com/ds1371dani\"\u003e\u003ccode\u003e@​ds1371dani\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDoc fixes and others:\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2640\"\u003e#2640\u003c/a\u003e \u003ca href=\"https://github.com/WikiRik\"\u003e\u003ccode\u003e@​WikiRik\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e13.15.23\u003c/h1\u003e\n\u003ch3\u003eFixes, New Locales and Enhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eDoc fixes and others:\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2631\"\u003e#2631\u003c/a\u003e \u003ca href=\"https://github.com/WikiRik\"\u003e\u003ccode\u003e@​WikiRik\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e13.15.22\u003c/h1\u003e\n\u003ch3\u003eFixes, New Locales and Enhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2622\"\u003e#2622\u003c/a\u003e \u003ccode\u003eisURL\u003c/code\u003e: fix regression with hostnames with ports \u003ca href=\"https://github.com/mbtools\"\u003e\u003ccode\u003e@​mbtools\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2616\"\u003e#2616\u003c/a\u003e \u003ccode\u003eisLength\u003c/code\u003e: improve handling Unicode variation selectors \u003ca href=\"https://github.com/koral\"\u003e\u003ccode\u003e@​koral\u003c/code\u003e\u003c/a\u003e--\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDoc fixes and others:\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2621\"\u003e#2621\u003c/a\u003e \u003ca href=\"https://github.com/mbtools\"\u003e\u003ccode\u003e@​mbtools\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e13.15.20\u003c/h1\u003e\n\u003ch3\u003eFixes, New Locales and Enhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2556\"\u003e#2556\u003c/a\u003e \u003ccode\u003eisMobilePhone\u003c/code\u003e: add \u003ccode\u003ear-QA\u003c/code\u003e locale \u003ca href=\"https://github.com/WardKhaddour\"\u003e\u003ccode\u003e@​WardKhaddour\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/validatorjs/validator.js/commit/7a8079709cd4cb27b2a1846e6f6508d68c9d928f\"\u003e\u003ccode\u003e7a80797\u003c/code\u003e\u003c/a\u003e maintenance: 2604 release (\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/issues/2695\"\u003e#2695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/validatorjs/validator.js/commit/941db7fac5263cc7e0df0eba37253678f92989b0\"\u003e\u003ccode\u003e941db7f\u003c/code\u003e\u003c/a\u003e fix(isSlug): restrict allowed characters to valid slug charset (\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/issues/2693\"\u003e#2693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/validatorjs/validator.js/commit/2758f7029798df0361ace21143e7169eeb22df88\"\u003e\u003ccode\u003e2758f70\u003c/code\u003e\u003c/a\u003e chore: fix typo in comment (\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/issues/2591\"\u003e#2591\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/validatorjs/validator.js/commit/fcfbff59f754b2fe81b4f91560a33455236a7f01\"\u003e\u003ccode\u003efcfbff5\u003c/code\u003e\u003c/a\u003e feat(isJson): allow any valid JSON value to pass (\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/issues/2690\"\u003e#2690\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/validatorjs/validator.js/commit/f06caee798c0c70d8f1774426a03c1d05ed0bd07\"\u003e\u003ccode\u003ef06caee\u003c/code\u003e\u003c/a\u003e refactor: replace if-then-else flow by a single return statement (\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/issues/2592\"\u003e#2592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/validatorjs/validator.js/commit/9fa1e3a44a3fb371bc91cf8bb7e127ee4e049331\"\u003e\u003ccode\u003e9fa1e3a\u003c/code\u003e\u003c/a\u003e feat(isPostalCode): Add postal code for Monaco (\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/issues/2682\"\u003e#2682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/validatorjs/validator.js/commit/b1aea75a5e64929eab32d9e83e957b7f5660e9bd\"\u003e\u003ccode\u003eb1aea75\u003c/code\u003e\u003c/a\u003e feat(isMobilePhone): add Djibouti (fr-DJ) mobile phone validation (\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/issues/2676\"\u003e#2676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/validatorjs/validator.js/commit/f715cddd592169a93cce1ac04d33bfb47ec53048\"\u003e\u003ccode\u003ef715cdd\u003c/code\u003e\u003c/a\u003e fix(isPassportNumber): improve \u003ccode\u003eMX\u003c/code\u003e locale (\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/issues/2643\"\u003e#2643\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/validatorjs/validator.js/commit/e8c6914f72f8a176ecffe034b8324265e8b4d3fe\"\u003e\u003ccode\u003ee8c6914\u003c/code\u003e\u003c/a\u003e fix(isTaxID): add formatted CPF support and additional test cases for pt-BR l...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/validatorjs/validator.js/commit/90b0a9a40bdce395f74e43f8b7158c992297e71e\"\u003e\u003ccode\u003e90b0a9a\u003c/code\u003e\u003c/a\u003e fix(isTaxID): improve \u003ccode\u003ept-BR\u003c/code\u003e locale by adding support for alphanumeric CNPJ ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/validatorjs/validator.js/compare/13.9.0...13.15.35\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for validator since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/bloom-housing/bloom/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/bloom-housing/bloom/pull/6352","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bloom-housing%2Fbloom/issues/6352","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6352/packages"},{"uuid":"4513395873","node_id":"PR_kwDOGn7O-c7e3L81","number":21,"state":"closed","title":"Bump the npm_and_yarn group across 16 directories with 20 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-25T03:02:50.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-25T00:09:50.000Z","updated_at":"2026-05-25T03:02:53.000Z","time_to_close":10380,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":20,"packages":[{"name":"express","old_version":"4.17.0","new_version":"4.22.0","repository_url":"https://github.com/expressjs/express"},{"name":"minimatch","old_version":"3.0.4","new_version":"3.1.4","repository_url":"https://github.com/isaacs/minimatch"},{"name":"tar","old_version":"4.4.10","new_version":"7.5.11","repository_url":"https://github.com/isaacs/node-tar"},{"name":"devalue","old_version":"2.0.1","new_version":"5.8.1","repository_url":"https://github.com/sveltejs/devalue"},{"name":"uuid","old_version":"8.3.2","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"ws","old_version":"8.2.3","new_version":"8.20.1","repository_url":"https://github.com/websockets/ws"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.12.1","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"bn.js","old_version":"4.11.9","new_version":"4.12.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"cipher-base","old_version":"1.0.4","new_version":"1.0.7","repository_url":"https://github.com/crypto-browserify/cipher-base"},{"name":"flatted","old_version":"3.1.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.9.0","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"handlebars","old_version":"4.7.6","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"js-yaml","old_version":"3.13.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"rollup","old_version":"2.35.1","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"sha.js","old_version":"2.4.11","new_version":"2.4.12","repository_url":"https://github.com/crypto-browserify/sha.js"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 16 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [express](https://github.com/expressjs/express) | `4.17.0` | `4.22.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.4` |\n| [tar](https://github.com/isaacs/node-tar) | `4.4.10` | `7.5.11` |\n| [devalue](https://github.com/sveltejs/devalue) | `2.0.1` | `5.8.1` |\n| [uuid](https://github.com/uuidjs/uuid) | `8.3.2` | `14.0.0` |\n| [ws](https://github.com/websockets/ws) | `8.2.3` | `8.20.1` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.12.1` | `7.29.4` |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `4.12.3` |\n| [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.1.1` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.9.0` | `1.16.0` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.6` | `4.7.9` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.13.1` | `3.14.2` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [rollup](https://github.com/rollup/rollup) | `2.35.1` | `2.80.0` |\n| [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` |\n\nBumps the npm_and_yarn group with 1 update in the /examples/api-routes-apollo-server-and-client-auth directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /examples/api-routes-rate-limit directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /examples/auth-with-stytch directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/blog-with-comment directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/styled-jsx-with-csp directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/using-preact directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-aws-amplify-typescript directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-i18n-next-intl directory: [next-intl](https://github.com/amannn/next-intl).\nBumps the npm_and_yarn group with 1 update in the /examples/with-next-translate directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-nhost-auth-realtime-graphql directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-paste-typescript directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-react-intl directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-redis directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /examples/with-tesfy directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 3 updates in the /packages/next directory: [devalue](https://github.com/sveltejs/devalue), [uuid](https://github.com/uuidjs/uuid) and [ws](https://github.com/websockets/ws).\n\nUpdates `express` from 4.17.0 to 4.22.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/releases\"\u003eexpress's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.22.0\u003c/h2\u003e\n\u003ch2\u003eImportant: Security\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor: improve readability by \u003ca href=\"https://github.com/sazk07\"\u003e\u003ccode\u003e@​sazk07\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6190\"\u003eexpressjs/express#6190\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add support for Node.js@23.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6080\"\u003eexpressjs/express#6080\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMethod functions with no path should error by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5957\"\u003eexpressjs/express#5957\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: updated github actions ci workflow by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6323\"\u003eexpressjs/express#6323\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: reorder \u003ccode\u003enpm i\u003c/code\u003e steps to fix ci for older node versions by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6336\"\u003eexpressjs/express#6336\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport: ci: add node.js 24 to test matrix by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6506\"\u003eexpressjs/express#6506\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(4.x): wider range for query test skip by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6513\"\u003eexpressjs/express#6513\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse tilde notation for certain dependencies by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6905\"\u003eexpressjs/express#6905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6909\"\u003eexpressjs/express#6909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for \u003ccode\u003eqs\u003c/code\u003e by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6919\"\u003eexpressjs/express#6919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.22.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6921\"\u003eexpressjs/express#6921\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.2...4.22.0\"\u003ehttps://github.com/expressjs/express/compare/4.21.2...4.22.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd funding field (v4) by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6065\"\u003eexpressjs/express#6065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.11 by \u003ca href=\"https://github.com/blakeembrey\"\u003e\u003ccode\u003e@​blakeembrey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5956\"\u003eexpressjs/express#5956\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: bump path-to-regexp@0.1.12 by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6209\"\u003eexpressjs/express#6209\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.21.2 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6094\"\u003eexpressjs/express#6094\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.1...4.21.2\"\u003ehttps://github.com/expressjs/express/compare/4.21.1...4.21.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport a fix for CVE-2024-47764 to the 4.x branch by \u003ca href=\"https://github.com/joshbuker\"\u003e\u003ccode\u003e@​joshbuker\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6029\"\u003eexpressjs/express#6029\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.21.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6031\"\u003eexpressjs/express#6031\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.0...4.21.1\"\u003ehttps://github.com/expressjs/express/compare/4.21.0...4.21.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003e\u0026quot;back\u0026quot;\u003c/code\u003e magic string in redirects by \u003ca href=\"https://github.com/blakeembrey\"\u003e\u003ccode\u003e@​blakeembrey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5935\"\u003eexpressjs/express#5935\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efinalhandler@1.3.1 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5954\"\u003eexpressjs/express#5954\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): serve-static@1.16.2 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5951\"\u003eexpressjs/express#5951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgraded dependency qs to 6.13.0 to match qs in body-parser by \u003ca href=\"https://github.com/agadzinski93\"\u003e\u003ccode\u003e@​agadzinski93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5946\"\u003eexpressjs/express#5946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agadzinski93\"\u003e\u003ccode\u003e@​agadzinski93\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5946\"\u003eexpressjs/express#5946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/blob/4.22.0/History.md\"\u003eexpress's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.22.0 / 2025-12-01\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for dependencies\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.2 / 2024-11-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.12\n\u003cul\u003e\n\u003cli\u003eFix backtracking protection\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.11\n\u003cul\u003e\n\u003cli\u003eThrows an error on invalid path values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.1 / 2024-10-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBackported a fix for \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2024-47764\"\u003eCVE-2024-47764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.0 / 2024-09-11\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eres.location(\u0026quot;back\u0026quot;)\u003c/code\u003e and \u003ccode\u003eres.redirect(\u0026quot;back\u0026quot;)\u003c/code\u003e magic string\u003c/li\u003e\n\u003cli\u003edeps: serve-static@1.16.2\n\u003cul\u003e\n\u003cli\u003eincludes send@0.19.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: finalhandler@1.3.1\u003c/li\u003e\n\u003cli\u003edeps: qs@6.13.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.20.0 / 2024-09-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: serve-static@0.16.0\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: send@0.19.0\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: body-parser@0.6.0\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003edepth\u003c/code\u003e option to customize the depth level in the parser\u003c/li\u003e\n\u003cli\u003eIMPORTANT: The default \u003ccode\u003edepth\u003c/code\u003e level for parsing URL-encoded data is now \u003ccode\u003e32\u003c/code\u003e (previously was \u003ccode\u003eInfinity\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove link renderization in html while using \u003ccode\u003eres.redirect\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.10\n\u003cul\u003e\n\u003cli\u003eAdds support for named matching groups in the routes using a regex\u003c/li\u003e\n\u003cli\u003eAdds backtracking protection to parameters without regexes defined\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: encodeurl@~2.0.0\n\u003cul\u003e\n\u003cli\u003eRemoves encoding of \u003ccode\u003e\\\u003c/code\u003e, \u003ccode\u003e|\u003c/code\u003e, and \u003ccode\u003e^\u003c/code\u003e to align better with URL spec\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDeprecate passing \u003ccode\u003eoptions.maxAge\u003c/code\u003e and \u003ccode\u003eoptions.expires\u003c/code\u003e to \u003ccode\u003eres.clearCookie\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eWill be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.19.2 / 2024-03-25\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/49744abd1120484fe64d7bde1cd3197c32523b6e\"\u003e\u003ccode\u003e49744ab\u003c/code\u003e\u003c/a\u003e 4.22.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6921\"\u003e#6921\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/6e97452f600a3b01719fbc5517d833c7646b0bb7\"\u003e\u003ccode\u003e6e97452\u003c/code\u003e\u003c/a\u003e sec: security patch for CVE-2024-51999\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/6a23d34d652b9e69a4486d2a2a0dea54b9685fa5\"\u003e\u003ccode\u003e6a23d34\u003c/code\u003e\u003c/a\u003e deps: use tilde notation for \u003ccode\u003eqs\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6919\"\u003e#6919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/8c12cdf93b89a4628b59179e3cc0722fc517d6b3\"\u003e\u003ccode\u003e8c12cdf\u003c/code\u003e\u003c/a\u003e deps: qs@6.14.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6909\"\u003e#6909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/7fea74fcf02764580f38f2a7f1932dfa54cddd90\"\u003e\u003ccode\u003e7fea74f\u003c/code\u003e\u003c/a\u003e deps: use tilde notation for certain dependencies (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6905\"\u003e#6905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/dac7a0475a99e9dfc57b3b8e6d5bdf52813f1944\"\u003e\u003ccode\u003edac7a04\u003c/code\u003e\u003c/a\u003e chore: wider range for query test skip (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6513\"\u003e#6513\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/997919b48879bbd53171c3b4e5dd1b04ad139241\"\u003e\u003ccode\u003e997919b\u003c/code\u003e\u003c/a\u003e ci: add node.js 24 to test matrix (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6506\"\u003e#6506\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/36fb59c6c7d9dfca0b08dfeafb5b6e4a249234a1\"\u003e\u003ccode\u003e36fb59c\u003c/code\u003e\u003c/a\u003e fix(ci): reorder \u003ccode\u003enpm i\u003c/code\u003e steps to fix ci for older node versions (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6336\"\u003e#6336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/3a5edfaff06f1a2c7079b08d0635108b371eddfd\"\u003e\u003ccode\u003e3a5edfa\u003c/code\u003e\u003c/a\u003e fix(ci): updated github actions ci workflow (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6323\"\u003e#6323\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/52d978119a7af27667cce5d99ac0739dc269d818\"\u003e\u003ccode\u003e52d9781\u003c/code\u003e\u003c/a\u003e fix(test): add test for method routes without paths \u003ca href=\"https://redirect.github.com/expressjs/express/issues/5955\"\u003e#5955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/express/compare/4.17.0...4.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for express since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.0.4 to 3.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9c31b2d4e0af72a6c2d2d62c5dbc2247da669802\"\u003e\u003ccode\u003e9c31b2d\u003c/code\u003e\u003c/a\u003e update test expectations for coalesced consecutive stars\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/46fe687857cf02f6cf45469cc593b97e11b10c96\"\u003e\u003ccode\u003e46fe687\u003c/code\u003e\u003c/a\u003e coalesce consecutive non-globstar * characters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/5a9ccbda64befc5d94b965534dbea2853c92aebd\"\u003e\u003ccode\u003e5a9ccbd\u003c/code\u003e\u003c/a\u003e [meta] update publishConfig.tag to legacy-v3\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tar` from 4.4.10 to 7.5.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/node-tar/releases\"\u003etar's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.13\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-tar/compare/v6.1.12...v6.1.13\"\u003e6.1.13\u003c/a\u003e (2022-12-07)\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/cc4e0ddfe523a0bce383846a67442c637a65d486\"\u003e\u003ccode\u003ecc4e0dd\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/343\"\u003e#343\u003c/a\u003e bump minipass from 3.3.6 to 4.0.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.12\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-tar/compare/v6.1.11...v6.1.12\"\u003e6.1.12\u003c/a\u003e (2022-10-31)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/57493ee66ece50d62114e02914282fc37be3a91a\"\u003e\u003ccode\u003e57493ee\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/332\"\u003e#332\u003c/a\u003e ensuring close event is emited after stream has ended (\u003ca href=\"https://github.com/webark\"\u003e\u003ccode\u003e@​webark\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/b003c64f624332e24e19b30dc011069bb6708680\"\u003e\u003ccode\u003eb003c64\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/314\"\u003e#314\u003c/a\u003e replace deprecated String.prototype.substr() (\u003ca href=\"https://redirect.github.com/isaacs/node-tar/issues/314\"\u003e#314\u003c/a\u003e) (\u003ca href=\"https://github.com/CommanderRoot\"\u003e\u003ccode\u003e@​CommanderRoot\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukekarrys\"\u003e\u003ccode\u003e@​lukekarrys\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/f12992932f171ea248b27fad95e7d489a56d31ed\"\u003e\u003ccode\u003ef129929\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/313\"\u003e#313\u003c/a\u003e remove dead link to benchmarks (\u003ca href=\"https://redirect.github.com/isaacs/node-tar/issues/313\"\u003e#313\u003c/a\u003e) (\u003ca href=\"https://github.com/yetzt\"\u003e\u003ccode\u003e@​yetzt\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/c1faa9f44001dfb0bc7638b2850eb6058bd56a4a\"\u003e\u003ccode\u003ec1faa9f\u003c/code\u003e\u003c/a\u003e add examples/explanation of using tar.t (\u003ca href=\"https://github.com/isaacs\"\u003e\u003ccode\u003e@​isaacs\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md\"\u003etar's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e7.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003ezstd\u003c/code\u003e compression support.\u003c/li\u003e\n\u003cli\u003eConsistent TOCTOU behavior in sync t.list\u003c/li\u003e\n\u003cli\u003eOnly read from ustar block if not specified in Pax\u003c/li\u003e\n\u003cli\u003eFix sync tar.list when file size reduces while reading\u003c/li\u003e\n\u003cli\u003eSanitize absolute linkpaths properly\u003c/li\u003e\n\u003cli\u003ePrevent writing hardlink entries to the archive ahead of their\nfile target\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eonentry\u003c/code\u003e in favor of \u003ccode\u003eonReadEntry\u003c/code\u003e for clarity.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eonWriteEntry\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDRY the command definitions into a single \u003ccode\u003emakeCommand\u003c/code\u003e method,\nand update the type signatures to more appropriately infer the\nreturn type from the options and arguments provided.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate minipass to v7.1.0\u003c/li\u003e\n\u003cli\u003eUpdate the type definitions of \u003ccode\u003ewrite()\u003c/code\u003e and \u003ccode\u003eend()\u003c/code\u003e methods on\n\u003ccode\u003eUnpack\u003c/code\u003e and \u003ccode\u003eParser\u003c/code\u003e classes to be compatible with the\nNodeJS.WritableStream type in the latest versions of\n\u003ccode\u003e@types/node\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for node \u0026lt;18\u003c/li\u003e\n\u003cli\u003eRewrite in TypeScript, provide ESM and CommonJS hybrid\ninterface\u003c/li\u003e\n\u003cli\u003eAdd tree-shake friendly exports, like \u003ccode\u003eimport('tar/create')\u003c/code\u003e\nand \u003ccode\u003eimport('tar/read-entry')\u003c/code\u003e to get individual functions or\nclasses.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003echmod\u003c/code\u003e option that defaults to false, and deprecate\n\u003ccode\u003enoChmod\u003c/code\u003e. That is, reverse the default option regarding\nexplicitly setting file system modes to match tar entry\nsettings.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eprocessUmask\u003c/code\u003e option to avoid having to call\n\u003ccode\u003eprocess.umask()\u003c/code\u003e when \u003ccode\u003echmod: true\u003c/code\u003e (or \u003ccode\u003enoChmod: false\u003c/code\u003e) is\nset.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/bf776f673164215074b62749e0fe80e5834588f4\"\u003e\u003ccode\u003ebf776f6\u003c/code\u003e\u003c/a\u003e 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad\"\u003e\u003ccode\u003ef48b5fa\u003c/code\u003e\u003c/a\u003e prevent escaping symlinks with drive-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/97cff15d3539a37a4095eb3d287147d9d77c2dc3\"\u003e\u003ccode\u003e97cff15\u003c/code\u003e\u003c/a\u003e docs: more security info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1\"\u003e\u003ccode\u003e2b72abc\u003c/code\u003e\u003c/a\u003e 7.5.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f\"\u003e\u003ccode\u003e7bc755d\u003c/code\u003e\u003c/a\u003e parse root off paths before sanitizing .. parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/c8cb84629dee649feedde03f2f4ea48f2e44e778\"\u003e\u003ccode\u003ec8cb846\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/1f0c2c9006b10199cf2686f8ef43e79a1773e1aa\"\u003e\u003ccode\u003e1f0c2c9\u003c/code\u003e\u003c/a\u003e 7.5.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/fbb08518bf290733b68ca4d4135f75becf73fd75\"\u003e\u003ccode\u003efbb0851\u003c/code\u003e\u003c/a\u003e build minified version as default export\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/6b8eba0ef367ac937e703238daa6df94ae6f823f\"\u003e\u003ccode\u003e6b8eba0\u003c/code\u003e\u003c/a\u003e 7.5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384\"\u003e\u003ccode\u003e2cb1120\u003c/code\u003e\u003c/a\u003e fix(unpack): improve UnpackSync symlink error \u0026quot;into\u0026quot; path accuracy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/node-tar/compare/v4.4.10...v7.5.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~isaacs\"\u003eisaacs\u003c/a\u003e, a new releaser for tar since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `devalue` from 2.0.1 to 5.8.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/devalue/releases\"\u003edevalue's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.8.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e206ca67: fix: force sparse arrays to allocate sparsely\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.8.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ec5115b0: feat: add \u003ccode\u003estringifyAsync\u003c/code\u003e for async serialization\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.7.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e8becc7c: fix: handle regexes consistently in uneval's value and reference formats\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.7.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edf2e284: feat: use native alternatives to encode/decode base64\u003c/li\u003e\n\u003cli\u003e498656e: feat: add \u003ccode\u003eDataView\u003c/code\u003e support\u003c/li\u003e\n\u003cli\u003ea210130: feat: whitelist \u003ccode\u003eFloat16Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edf2e284: feat: simplify TypedArray slices\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e5590634: fix: get \u003ccode\u003euneval\u003c/code\u003e type handling up to parity with \u003ccode\u003estringify\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e57f73fc: fix: correctly support boxed bigints and sentinel values\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.4\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: reject \u003ccode\u003e__proto__\u003c/code\u003e keys in malformed \u003ccode\u003eObject\u003c/code\u003e wrapper payloads\u003c/p\u003e\n\u003cp\u003eThis validates the \u003ccode\u003e\u0026quot;Object\u0026quot;\u003c/code\u003e parse path and throws when the wrapped value has an own \u003ccode\u003e__proto__\u003c/code\u003e key.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e40f1db1: fix: ensure sparse array indices are integers\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: disallow \u003ccode\u003e__proto__\u003c/code\u003e keys in null-prototype object parsing\u003c/p\u003e\n\u003cp\u003eThis disallows \u003ccode\u003e__proto__\u003c/code\u003e keys in the \u003ccode\u003e\u0026quot;null\u0026quot;\u003c/code\u003e parse path so null-prototype object hydration cannot carry that key through parse/unflatten.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0f04d4d: fix: Properly handle \u003ccode\u003e__proto__\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e819f1ac: fix: better encoding for sparse arrays\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md\"\u003edevalue's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.8.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e206ca67: fix: force sparse arrays to allocate sparsely\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.8.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ec5115b0: feat: add \u003ccode\u003estringifyAsync\u003c/code\u003e for async serialization\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.7.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e8becc7c: fix: handle regexes consistently in uneval's value and reference formats\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.7.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edf2e284: feat: use native alternatives to encode/decode base64\u003c/li\u003e\n\u003cli\u003e498656e: feat: add \u003ccode\u003eDataView\u003c/code\u003e support\u003c/li\u003e\n\u003cli\u003ea210130: feat: whitelist \u003ccode\u003eFloat16Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edf2e284: feat: simplify TypedArray slices\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e5590634: fix: get \u003ccode\u003euneval\u003c/code\u003e type handling up to parity with \u003ccode\u003estringify\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e57f73fc: fix: correctly support boxed bigints and sentinel values\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.4\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: reject \u003ccode\u003e__proto__\u003c/code\u003e keys in malformed \u003ccode\u003eObject\u003c/code\u003e wrapper payloads\u003c/p\u003e\n\u003cp\u003eThis validates the \u003ccode\u003e\u0026quot;Object\u0026quot;\u003c/code\u003e parse path and throws when the wrapped value has an own \u003ccode\u003e__proto__\u003c/code\u003e key.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e40f1db1: fix: ensure sparse array indices are integers\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: disallow \u003ccode\u003e__proto__\u003c/code\u003e keys in null-prototype object parsing\u003c/p\u003e\n\u003cp\u003eThis disallows \u003ccode\u003e__proto__\u003c/code\u003e keys in the \u003ccode\u003e\u0026quot;null\u0026quot;\u003c/code\u003e parse path so null-prototype object hydration cannot carry that key through parse/unflatten.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0f04d4d: fix: Properly handle \u003ccode\u003e__proto__\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e819f1ac: fix: better encoding for sparse arrays\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/796ea83a76eb7e0f2af376f9c2c875f1d057f50f\"\u003e\u003ccode\u003e796ea83\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/152\"\u003e#152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/206ca6712fbc380a4571c59de9ab04b91110792d\"\u003e\u003ccode\u003e206ca67\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/14933f78ff6b712829162628682b0a1993e75d19\"\u003e\u003ccode\u003e14933f7\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/151\"\u003e#151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/c5115b0074ec298fb4077f6cee5616cefbd13902\"\u003e\u003ccode\u003ec5115b0\u003c/code\u003e\u003c/a\u003e feat: \u003ccode\u003estringifyAsync\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/150\"\u003e#150\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/67dad450b5db18ea9aa3059d334d8b0ee6704d9e\"\u003e\u003ccode\u003e67dad45\u003c/code\u003e\u003c/a\u003e docs: update README to reflect serialization stability non-goal (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/147\"\u003e#147\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/6eb920a7db6fe388f24f640d0e4e874a57f148fb\"\u003e\u003ccode\u003e6eb920a\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/8becc7c436f0d4f85e2e5b32cb49dcfdf4fdec42\"\u003e\u003ccode\u003e8becc7c\u003c/code\u003e\u003c/a\u003e fix: handle regexes consistently in uneval's value and reference formats (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/2eee2e435ea0ea3d495dc7a266486df95a4eb6ed\"\u003e\u003ccode\u003e2eee2e4\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/144\"\u003e#144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/498656e75d36dfc63a386240722bdeac63337b25\"\u003e\u003ccode\u003e498656e\u003c/code\u003e\u003c/a\u003e DataView support (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/5590634db53ed555d3ce2e2024924b30352a6afc\"\u003e\u003ccode\u003e5590634\u003c/code\u003e\u003c/a\u003e Improve platform types support (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/142\"\u003e#142\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sveltejs/devalue/compare/v2.0.1...v5.8.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for devalue since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 8.3.2 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v8.3.2...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.2.3 to 8.20.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an uninitialized memory disclosure issue in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\n(c0327ec1).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding a \u003ccode\u003eTypedArray\u003c/code\u003e (e.g. \u003ccode\u003eFloat32Array\u003c/code\u003e) as the \u003ccode\u003ereason\u003c/code\u003e argument for\n\u003ccode\u003ewebsocket.close()\u003c/code\u003e, rather than the supported string or \u003ccode\u003eBuffer\u003c/code\u003e types, caused\nuninitialized memory to be disclosed to the remote peer.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { deepStrictEqual } from 'node:assert';\r\nimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer(\n{ port: 0, skipUTF8Validation: true },\nfunction () {\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e, {\nskipUTF8Validation: true\n});\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ews.on('close', function (code, reason) {\r\n  deepStrictEqual(reason, Buffer.alloc(80));\r\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e}\n);\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.close(1000, new Float32Array(20));\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe issue was privately reported by \u003ca href=\"https://github.com/ChALkeR\"\u003eNikita Skovoroda\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e8.20.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded exports for the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and utilities for the\n\u003ccode\u003eSec-WebSocket-Extensions\u003c/code\u003e and \u003ccode\u003eSec-WebSocket-Protocol\u003c/code\u003e headers (d3503c1f).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.19.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003ecloseTimeout\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/websockets/ws/issues/2308\"\u003e#2308\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eHandled a forthcoming breaking change in Node.js core (19984854).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/843925544e2f4cffe445e0179947f56d6c5b608f\"\u003e\u003ccode\u003e8439255\u003c/code\u003e\u003c/a\u003e [dist] 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/d3503c1fd36a310985108f62b343bae18346ab67\"\u003e\u003ccode\u003ed3503c1\u003c/code\u003e\u003c/a\u003e [minor] Export the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and header utils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/3ee5349a0b1580f6e1f347b59ec3371011bd8481\"\u003e\u003ccode\u003e3ee5349\u003c/code\u003e\u003c/a\u003e [api] Convert the \u003ccode\u003eisServer\u003c/code\u003e and \u003ccode\u003emaxPayload\u003c/code\u003e parameters to options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/91707b470ebd803aaa3fd1e896217740f39267d4\"\u003e\u003ccode\u003e91707b4\u003c/code\u003e\u003c/a\u003e [doc] Add missing space\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/8b553192268810a83253e2a4a39ac16768e75bb3\"\u003e\u003ccode\u003e8b55319\u003c/code\u003e\u003c/a\u003e [pkg] Update eslint to version 10.0.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/websockets/ws/compare/8.2.3...8.20.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.12.1 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/cd24cc07ef6558b7f6510f9177f6393c91b0549f\"\u003e\u003ccode\u003ecd24cc0\u003c/code\u003e\u003c/a\u003e chore: Update TS 5.7 (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17053\"\u003e#17053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bn.js` from 4.11.9 to 4.12.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/39fe4389c773327ed15f29f77f8b7dbbff4beb4c\"\u003e\u003ccode\u003e39fe438\u003c/code\u003e\u003c/a\u003e 4.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/67ecb35dabaf252001b649c12d69c4b57deac6f6\"\u003e\u003ccode\u003e67ecb35\u003c/code\u003e\u003c/a\u003e backport(4.x): fix imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/c4098bac2470418f8e0f6bf11fe0cb676a2b9047\"\u003e\u003ccode\u003ec4098ba\u003c/code\u003e\u003c/a\u003e 4.12.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/6277fd705e51edae1c404c65f03ba2e512706945\"\u003e\u003ccode\u003e6277fd7\u003c/code\u003e\u003c/a\u003e backport(4.x): Fix imuln/muln with zero (backport of \u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/ac0d4afaae91701815b9edc19789e44e7690d688\"\u003e\u003ccode\u003eac0d4af\u003c/code\u003e\u003c/a\u003e 4.12.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/a5f14b43ec61bc7cafc6de2e7444913b9f581b00\"\u003e\u003ccode\u003ea5f14b4\u003c/code\u003e\u003c/a\u003e Fix serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/309\"\u003e#309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/0cd2661b9d08512263c940662586042ef8aaccc6\"\u003e\u003ccode\u003e0cd2661\u003c/code\u003e\u003c/a\u003e Remove package-lock.json added by npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/84ae31344a557abb78ddabe3bac923b7503e4fb5\"\u003e\u003ccode\u003e84ae313\u003c/code\u003e\u003c/a\u003e 4.12.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/967ed0a50a9400bbbd83b450550cf37f7fa178b9\"\u003e\u003ccode\u003e967ed0a\u003c/code\u003e\u003c/a\u003e fix: Buffer not using global in browser (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/260\"\u003e#260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/61962320d7907a1a4d03a665782cb2733160c907\"\u003e\u003ccode\u003e6196232\u003c/code\u003e\u003c/a\u003e Fix LE constructor for HEX (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/indutny/bn.js/compare/v4.11.9...v4.12.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cipher-base` from 1.0.4 to 1.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md\"\u003ecipher-base's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.6...v1.0.7\"\u003ev1.0.7\u003c/a\u003e - 2025-09-24\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003eto-buffer\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/fd1e5eeafccbc8eaa827ee6b9b60c14608aa784f\"\u003e\u003ccode\u003efd1e5ee\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/08ba8034223a53d300b7dccf33d8f14e52379a34\"\u003e\u003ccode\u003e08ba803\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.5...v1.0.6\"\u003ev1.0.6\u003c/a\u003e - 2024-11-26\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] io.js 3.0 - Node.js 5.3 typed array support \u003ca href=\"https://github.com/browserify/cipher-base/commit/b7ddd2ac24e65cc47befc1e0eb5026422f8ab037\"\u003e\u003ccode\u003eb7ddd2a\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.4...v1.0.5\"\u003ev1.0.5\u003c/a\u003e - 2024-11-17\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Tests] standard -\u0026gt; eslint, make test dir, etc \u003ca href=\"https://github.com/browserify/cipher-base/commit/ae02fd6624c41ac4ac18077be797111d1955bc76\"\u003e\u003ccode\u003eae02fd6\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] migrate from travis to GHA \u003ca href=\"https://github.com/browserify/cipher-base/commit/66387d71461287ad9067bb1bcbfdc47403a33ee7\"\u003e\u003ccode\u003e66387d7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix package.json indentation \u003ca href=\"https://github.com/browserify/cipher-base/commit/5c02918ac58c875ed36913c2dc3e1043f4d1c99c\"\u003e\u003ccode\u003e5c02918\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] return valid values on multi-byte-wide TypedArray input \u003ca href=\"https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294\"\u003e\u003ccode\u003e8fd1364\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/88dc806806d3dc41444dbf639c87c00f82c949b3\"\u003e\u003ccode\u003e88dc806\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003enpmignore\u003c/code\u003e and \u003ccode\u003esafe-publish-latest\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/7a137d749ce7ea7ea56b9c096844b1b8ab723f61\"\u003e\u003ccode\u003e7a137d7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly apps should have lockfiles \u003ca href=\"https://github.com/browserify/cipher-base/commit/42528f291db16bf2e7d5f831ebe2ad87fd0b1f42\"\u003e\u003ccode\u003e42528f2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003einherits\u003c/code\u003e, \u003ccode\u003esafe-buffer\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/0e7a2d9a33a391e82fa9cf512d6e25cc91ab8613\"\u003e\u003ccode\u003e0e7a2d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add missing \u003ccode\u003eengines.node\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/f2dc13e47bbcf3c873db9a9e0f83e5f29d0783fe\"\u003e\u003ccode\u003ef2dc13e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/00567180c846dd3db3848c9223991c58a0d5490c\"\u003e\u003ccode\u003e0056718\u003c/code\u003e\u003c/a\u003e v1.0.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/fd1e5eeafccbc8eaa827ee6b9b60c14608aa784f\"\u003e\u003ccode\u003efd1e5ee\u003c/code\u003e\u003c/a\u003e [Refactor] use \u003ccode\u003eto-buffer\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/08ba8034223a53d300b7dccf33d8f14e52379a34\"\u003e\u003ccode\u003e08ba803\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/f5249f94611506ef35a8be4d48a3fc5ecf1fac63\"\u003e\u003ccode\u003ef5249f9\u003c/code\u003e\u003c/a\u003e v1.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/b7ddd2ac24e65cc47befc1e0eb5026422f8ab037\"\u003e\u003ccode\u003eb7ddd2a\u003c/code\u003e\u003c/a\u003e [Fix] io.js 3.0 - Node.js 5.3 typed array support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/f03cebfdad1cba1d56614c58affa303b0fa2a43e\"\u003e\u003ccode\u003ef03cebf\u003c/code\u003e\u003c/a\u003e v1.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/88dc806806d3dc41444dbf639c87c00f82c949b3\"\u003e\u003ccode\u003e88dc806\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/7a137d749ce7ea7ea56b9c096844b1b8ab723f61\"\u003e\u003ccode\u003e7a137d7\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003enpmignore\u003c/code\u003e and \u003ccode\u003esafe-publish-latest\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/5c02918ac58c875ed36913c2dc3e1043f4d1c99c\"\u003e\u003ccode\u003e5c02918\u003c/code\u003e\u003c/a\u003e [meta] fix package.json indentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294\"\u003e\u003ccode\u003e8fd1364\u003c/code\u003e\u003c/a\u003e [Fix] return valid values on multi-byte-wide TypedArray input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/crypto-browserify/cipher-base/compare/v1.0.4...v1.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ljharb\"\u003eljharb\u003c/a\u003e, a new releaser for cipher-base since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.1.1 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.1.1...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.9.0 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.9.0...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.6 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776\"\u003e#1776\u003c/a\u003e) - 2954e7e\u003c/li\u003e\n\u003cli\u003eFix compiling of each block params in strict mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855\"\u003e#1855\u003c/a\u003e) - 30dbf04\u003c/li\u003e\n\u003cli\u003eFix rollup warning when importing Handlebars as ESM - 03d387b\u003c/li\u003e\n\u003cli\u003eFix bundler issue with webpack 5 (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862\"\u003e#1862\u003c/a\u003e) - c6c6bbb\u003c/li\u003e\n\u003cli\u003eUse https instead of git for mustache submodule - 88ac068\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.8\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8 - July 27th, 2023\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1...\n\n_Description has been truncated_","html_url":"https://github.com/jcstein/next.js/pull/21","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jcstein%2Fnext.js/issues/21","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/21/packages"},{"uuid":"4511268663","node_id":"PR_kwDOGn7O-c7ewz4S","number":19,"state":"closed","title":"Bump the npm_and_yarn group across 13 directories with 20 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-24T23:53:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-24T10:42:32.000Z","updated_at":"2026-05-24T23:53:30.000Z","time_to_close":47456,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":20,"packages":[{"name":"express","old_version":"4.17.0","new_version":"4.22.0","repository_url":"https://github.com/expressjs/express"},{"name":"minimatch","old_version":"3.0.4","new_version":"3.1.4","repository_url":"https://github.com/isaacs/minimatch"},{"name":"tar","old_version":"4.4.10","new_version":"7.5.11","repository_url":"https://github.com/isaacs/node-tar"},{"name":"devalue","old_version":"2.0.1","new_version":"5.8.1","repository_url":"https://github.com/sveltejs/devalue"},{"name":"uuid","old_version":"8.3.2","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"ws","old_version":"8.2.3","new_version":"8.20.1","repository_url":"https://github.com/websockets/ws"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.12.1","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"bn.js","old_version":"4.11.9","new_version":"4.12.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"cipher-base","old_version":"1.0.4","new_version":"1.0.7","repository_url":"https://github.com/crypto-browserify/cipher-base"},{"name":"flatted","old_version":"3.1.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.9.0","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"handlebars","old_version":"4.7.6","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"js-yaml","old_version":"3.13.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"rollup","old_version":"2.35.1","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"sha.js","old_version":"2.4.11","new_version":"2.4.12","repository_url":"https://github.com/crypto-browserify/sha.js"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 16 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [express](https://github.com/expressjs/express) | `4.17.0` | `4.22.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.4` |\n| [tar](https://github.com/isaacs/node-tar) | `4.4.10` | `7.5.11` |\n| [devalue](https://github.com/sveltejs/devalue) | `2.0.1` | `5.8.1` |\n| [uuid](https://github.com/uuidjs/uuid) | `8.3.2` | `14.0.0` |\n| [ws](https://github.com/websockets/ws) | `8.2.3` | `8.20.1` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.12.1` | `7.29.4` |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `4.12.3` |\n| [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.1.1` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.9.0` | `1.16.0` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.6` | `4.7.9` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.13.1` | `3.14.2` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [rollup](https://github.com/rollup/rollup) | `2.35.1` | `2.80.0` |\n| [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` |\n\nBumps the npm_and_yarn group with 1 update in the /examples/auth-with-stytch directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/blog-with-comment directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/styled-jsx-with-csp directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/using-preact directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-aws-amplify-typescript directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-i18n-next-intl directory: [next-intl](https://github.com/amannn/next-intl).\nBumps the npm_and_yarn group with 1 update in the /examples/with-next-translate directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-nhost-auth-realtime-graphql directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-paste-typescript directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-react-intl directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-redis directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 3 updates in the /packages/next directory: [devalue](https://github.com/sveltejs/devalue), [uuid](https://github.com/uuidjs/uuid) and [ws](https://github.com/websockets/ws).\n\nUpdates `express` from 4.17.0 to 4.22.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/releases\"\u003eexpress's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.22.0\u003c/h2\u003e\n\u003ch2\u003eImportant: Security\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor: improve readability by \u003ca href=\"https://github.com/sazk07\"\u003e\u003ccode\u003e@​sazk07\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6190\"\u003eexpressjs/express#6190\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add support for Node.js@23.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6080\"\u003eexpressjs/express#6080\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMethod functions with no path should error by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5957\"\u003eexpressjs/express#5957\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: updated github actions ci workflow by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6323\"\u003eexpressjs/express#6323\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: reorder \u003ccode\u003enpm i\u003c/code\u003e steps to fix ci for older node versions by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6336\"\u003eexpressjs/express#6336\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport: ci: add node.js 24 to test matrix by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6506\"\u003eexpressjs/express#6506\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(4.x): wider range for query test skip by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6513\"\u003eexpressjs/express#6513\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse tilde notation for certain dependencies by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6905\"\u003eexpressjs/express#6905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6909\"\u003eexpressjs/express#6909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for \u003ccode\u003eqs\u003c/code\u003e by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6919\"\u003eexpressjs/express#6919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.22.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6921\"\u003eexpressjs/express#6921\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.2...4.22.0\"\u003ehttps://github.com/expressjs/express/compare/4.21.2...4.22.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd funding field (v4) by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6065\"\u003eexpressjs/express#6065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.11 by \u003ca href=\"https://github.com/blakeembrey\"\u003e\u003ccode\u003e@​blakeembrey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5956\"\u003eexpressjs/express#5956\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: bump path-to-regexp@0.1.12 by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6209\"\u003eexpressjs/express#6209\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.21.2 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6094\"\u003eexpressjs/express#6094\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.1...4.21.2\"\u003ehttps://github.com/expressjs/express/compare/4.21.1...4.21.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport a fix for CVE-2024-47764 to the 4.x branch by \u003ca href=\"https://github.com/joshbuker\"\u003e\u003ccode\u003e@​joshbuker\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6029\"\u003eexpressjs/express#6029\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.21.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6031\"\u003eexpressjs/express#6031\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.0...4.21.1\"\u003ehttps://github.com/expressjs/express/compare/4.21.0...4.21.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003e\u0026quot;back\u0026quot;\u003c/code\u003e magic string in redirects by \u003ca href=\"https://github.com/blakeembrey\"\u003e\u003ccode\u003e@​blakeembrey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5935\"\u003eexpressjs/express#5935\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efinalhandler@1.3.1 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5954\"\u003eexpressjs/express#5954\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): serve-static@1.16.2 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5951\"\u003eexpressjs/express#5951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgraded dependency qs to 6.13.0 to match qs in body-parser by \u003ca href=\"https://github.com/agadzinski93\"\u003e\u003ccode\u003e@​agadzinski93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5946\"\u003eexpressjs/express#5946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agadzinski93\"\u003e\u003ccode\u003e@​agadzinski93\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5946\"\u003eexpressjs/express#5946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/blob/4.22.0/History.md\"\u003eexpress's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.22.0 / 2025-12-01\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for dependencies\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.2 / 2024-11-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.12\n\u003cul\u003e\n\u003cli\u003eFix backtracking protection\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.11\n\u003cul\u003e\n\u003cli\u003eThrows an error on invalid path values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.1 / 2024-10-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBackported a fix for \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2024-47764\"\u003eCVE-2024-47764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.0 / 2024-09-11\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eres.location(\u0026quot;back\u0026quot;)\u003c/code\u003e and \u003ccode\u003eres.redirect(\u0026quot;back\u0026quot;)\u003c/code\u003e magic string\u003c/li\u003e\n\u003cli\u003edeps: serve-static@1.16.2\n\u003cul\u003e\n\u003cli\u003eincludes send@0.19.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: finalhandler@1.3.1\u003c/li\u003e\n\u003cli\u003edeps: qs@6.13.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.20.0 / 2024-09-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: serve-static@0.16.0\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: send@0.19.0\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: body-parser@0.6.0\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003edepth\u003c/code\u003e option to customize the depth level in the parser\u003c/li\u003e\n\u003cli\u003eIMPORTANT: The default \u003ccode\u003edepth\u003c/code\u003e level for parsing URL-encoded data is now \u003ccode\u003e32\u003c/code\u003e (previously was \u003ccode\u003eInfinity\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove link renderization in html while using \u003ccode\u003eres.redirect\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.10\n\u003cul\u003e\n\u003cli\u003eAdds support for named matching groups in the routes using a regex\u003c/li\u003e\n\u003cli\u003eAdds backtracking protection to parameters without regexes defined\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: encodeurl@~2.0.0\n\u003cul\u003e\n\u003cli\u003eRemoves encoding of \u003ccode\u003e\\\u003c/code\u003e, \u003ccode\u003e|\u003c/code\u003e, and \u003ccode\u003e^\u003c/code\u003e to align better with URL spec\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDeprecate passing \u003ccode\u003eoptions.maxAge\u003c/code\u003e and \u003ccode\u003eoptions.expires\u003c/code\u003e to \u003ccode\u003eres.clearCookie\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eWill be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.19.2 / 2024-03-25\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/49744abd1120484fe64d7bde1cd3197c32523b6e\"\u003e\u003ccode\u003e49744ab\u003c/code\u003e\u003c/a\u003e 4.22.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6921\"\u003e#6921\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/6e97452f600a3b01719fbc5517d833c7646b0bb7\"\u003e\u003ccode\u003e6e97452\u003c/code\u003e\u003c/a\u003e sec: security patch for CVE-2024-51999\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/6a23d34d652b9e69a4486d2a2a0dea54b9685fa5\"\u003e\u003ccode\u003e6a23d34\u003c/code\u003e\u003c/a\u003e deps: use tilde notation for \u003ccode\u003eqs\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6919\"\u003e#6919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/8c12cdf93b89a4628b59179e3cc0722fc517d6b3\"\u003e\u003ccode\u003e8c12cdf\u003c/code\u003e\u003c/a\u003e deps: qs@6.14.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6909\"\u003e#6909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/7fea74fcf02764580f38f2a7f1932dfa54cddd90\"\u003e\u003ccode\u003e7fea74f\u003c/code\u003e\u003c/a\u003e deps: use tilde notation for certain dependencies (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6905\"\u003e#6905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/dac7a0475a99e9dfc57b3b8e6d5bdf52813f1944\"\u003e\u003ccode\u003edac7a04\u003c/code\u003e\u003c/a\u003e chore: wider range for query test skip (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6513\"\u003e#6513\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/997919b48879bbd53171c3b4e5dd1b04ad139241\"\u003e\u003ccode\u003e997919b\u003c/code\u003e\u003c/a\u003e ci: add node.js 24 to test matrix (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6506\"\u003e#6506\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/36fb59c6c7d9dfca0b08dfeafb5b6e4a249234a1\"\u003e\u003ccode\u003e36fb59c\u003c/code\u003e\u003c/a\u003e fix(ci): reorder \u003ccode\u003enpm i\u003c/code\u003e steps to fix ci for older node versions (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6336\"\u003e#6336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/3a5edfaff06f1a2c7079b08d0635108b371eddfd\"\u003e\u003ccode\u003e3a5edfa\u003c/code\u003e\u003c/a\u003e fix(ci): updated github actions ci workflow (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6323\"\u003e#6323\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/52d978119a7af27667cce5d99ac0739dc269d818\"\u003e\u003ccode\u003e52d9781\u003c/code\u003e\u003c/a\u003e fix(test): add test for method routes without paths \u003ca href=\"https://redirect.github.com/expressjs/express/issues/5955\"\u003e#5955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/express/compare/4.17.0...4.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for express since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.0.4 to 3.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9c31b2d4e0af72a6c2d2d62c5dbc2247da669802\"\u003e\u003ccode\u003e9c31b2d\u003c/code\u003e\u003c/a\u003e update test expectations for coalesced consecutive stars\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/46fe687857cf02f6cf45469cc593b97e11b10c96\"\u003e\u003ccode\u003e46fe687\u003c/code\u003e\u003c/a\u003e coalesce consecutive non-globstar * characters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/5a9ccbda64befc5d94b965534dbea2853c92aebd\"\u003e\u003ccode\u003e5a9ccbd\u003c/code\u003e\u003c/a\u003e [meta] update publishConfig.tag to legacy-v3\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tar` from 4.4.10 to 7.5.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/node-tar/releases\"\u003etar's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.13\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-tar/compare/v6.1.12...v6.1.13\"\u003e6.1.13\u003c/a\u003e (2022-12-07)\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/cc4e0ddfe523a0bce383846a67442c637a65d486\"\u003e\u003ccode\u003ecc4e0dd\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/343\"\u003e#343\u003c/a\u003e bump minipass from 3.3.6 to 4.0.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.12\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-tar/compare/v6.1.11...v6.1.12\"\u003e6.1.12\u003c/a\u003e (2022-10-31)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/57493ee66ece50d62114e02914282fc37be3a91a\"\u003e\u003ccode\u003e57493ee\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/332\"\u003e#332\u003c/a\u003e ensuring close event is emited after stream has ended (\u003ca href=\"https://github.com/webark\"\u003e\u003ccode\u003e@​webark\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/b003c64f624332e24e19b30dc011069bb6708680\"\u003e\u003ccode\u003eb003c64\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/314\"\u003e#314\u003c/a\u003e replace deprecated String.prototype.substr() (\u003ca href=\"https://redirect.github.com/isaacs/node-tar/issues/314\"\u003e#314\u003c/a\u003e) (\u003ca href=\"https://github.com/CommanderRoot\"\u003e\u003ccode\u003e@​CommanderRoot\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukekarrys\"\u003e\u003ccode\u003e@​lukekarrys\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/f12992932f171ea248b27fad95e7d489a56d31ed\"\u003e\u003ccode\u003ef129929\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/313\"\u003e#313\u003c/a\u003e remove dead link to benchmarks (\u003ca href=\"https://redirect.github.com/isaacs/node-tar/issues/313\"\u003e#313\u003c/a\u003e) (\u003ca href=\"https://github.com/yetzt\"\u003e\u003ccode\u003e@​yetzt\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/c1faa9f44001dfb0bc7638b2850eb6058bd56a4a\"\u003e\u003ccode\u003ec1faa9f\u003c/code\u003e\u003c/a\u003e add examples/explanation of using tar.t (\u003ca href=\"https://github.com/isaacs\"\u003e\u003ccode\u003e@​isaacs\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md\"\u003etar's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e7.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003ezstd\u003c/code\u003e compression support.\u003c/li\u003e\n\u003cli\u003eConsistent TOCTOU behavior in sync t.list\u003c/li\u003e\n\u003cli\u003eOnly read from ustar block if not specified in Pax\u003c/li\u003e\n\u003cli\u003eFix sync tar.list when file size reduces while reading\u003c/li\u003e\n\u003cli\u003eSanitize absolute linkpaths properly\u003c/li\u003e\n\u003cli\u003ePrevent writing hardlink entries to the archive ahead of their\nfile target\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eonentry\u003c/code\u003e in favor of \u003ccode\u003eonReadEntry\u003c/code\u003e for clarity.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eonWriteEntry\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDRY the command definitions into a single \u003ccode\u003emakeCommand\u003c/code\u003e method,\nand update the type signatures to more appropriately infer the\nreturn type from the options and arguments provided.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate minipass to v7.1.0\u003c/li\u003e\n\u003cli\u003eUpdate the type definitions of \u003ccode\u003ewrite()\u003c/code\u003e and \u003ccode\u003eend()\u003c/code\u003e methods on\n\u003ccode\u003eUnpack\u003c/code\u003e and \u003ccode\u003eParser\u003c/code\u003e classes to be compatible with the\nNodeJS.WritableStream type in the latest versions of\n\u003ccode\u003e@types/node\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for node \u0026lt;18\u003c/li\u003e\n\u003cli\u003eRewrite in TypeScript, provide ESM and CommonJS hybrid\ninterface\u003c/li\u003e\n\u003cli\u003eAdd tree-shake friendly exports, like \u003ccode\u003eimport('tar/create')\u003c/code\u003e\nand \u003ccode\u003eimport('tar/read-entry')\u003c/code\u003e to get individual functions or\nclasses.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003echmod\u003c/code\u003e option that defaults to false, and deprecate\n\u003ccode\u003enoChmod\u003c/code\u003e. That is, reverse the default option regarding\nexplicitly setting file system modes to match tar entry\nsettings.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eprocessUmask\u003c/code\u003e option to avoid having to call\n\u003ccode\u003eprocess.umask()\u003c/code\u003e when \u003ccode\u003echmod: true\u003c/code\u003e (or \u003ccode\u003enoChmod: false\u003c/code\u003e) is\nset.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/bf776f673164215074b62749e0fe80e5834588f4\"\u003e\u003ccode\u003ebf776f6\u003c/code\u003e\u003c/a\u003e 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad\"\u003e\u003ccode\u003ef48b5fa\u003c/code\u003e\u003c/a\u003e prevent escaping symlinks with drive-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/97cff15d3539a37a4095eb3d287147d9d77c2dc3\"\u003e\u003ccode\u003e97cff15\u003c/code\u003e\u003c/a\u003e docs: more security info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1\"\u003e\u003ccode\u003e2b72abc\u003c/code\u003e\u003c/a\u003e 7.5.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f\"\u003e\u003ccode\u003e7bc755d\u003c/code\u003e\u003c/a\u003e parse root off paths before sanitizing .. parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/c8cb84629dee649feedde03f2f4ea48f2e44e778\"\u003e\u003ccode\u003ec8cb846\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/1f0c2c9006b10199cf2686f8ef43e79a1773e1aa\"\u003e\u003ccode\u003e1f0c2c9\u003c/code\u003e\u003c/a\u003e 7.5.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/fbb08518bf290733b68ca4d4135f75becf73fd75\"\u003e\u003ccode\u003efbb0851\u003c/code\u003e\u003c/a\u003e build minified version as default export\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/6b8eba0ef367ac937e703238daa6df94ae6f823f\"\u003e\u003ccode\u003e6b8eba0\u003c/code\u003e\u003c/a\u003e 7.5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384\"\u003e\u003ccode\u003e2cb1120\u003c/code\u003e\u003c/a\u003e fix(unpack): improve UnpackSync symlink error \u0026quot;into\u0026quot; path accuracy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/node-tar/compare/v4.4.10...v7.5.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~isaacs\"\u003eisaacs\u003c/a\u003e, a new releaser for tar since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `devalue` from 2.0.1 to 5.8.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/devalue/releases\"\u003edevalue's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.8.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e206ca67: fix: force sparse arrays to allocate sparsely\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.8.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ec5115b0: feat: add \u003ccode\u003estringifyAsync\u003c/code\u003e for async serialization\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.7.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e8becc7c: fix: handle regexes consistently in uneval's value and reference formats\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.7.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edf2e284: feat: use native alternatives to encode/decode base64\u003c/li\u003e\n\u003cli\u003e498656e: feat: add \u003ccode\u003eDataView\u003c/code\u003e support\u003c/li\u003e\n\u003cli\u003ea210130: feat: whitelist \u003ccode\u003eFloat16Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edf2e284: feat: simplify TypedArray slices\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e5590634: fix: get \u003ccode\u003euneval\u003c/code\u003e type handling up to parity with \u003ccode\u003estringify\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e57f73fc: fix: correctly support boxed bigints and sentinel values\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.4\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: reject \u003ccode\u003e__proto__\u003c/code\u003e keys in malformed \u003ccode\u003eObject\u003c/code\u003e wrapper payloads\u003c/p\u003e\n\u003cp\u003eThis validates the \u003ccode\u003e\u0026quot;Object\u0026quot;\u003c/code\u003e parse path and throws when the wrapped value has an own \u003ccode\u003e__proto__\u003c/code\u003e key.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e40f1db1: fix: ensure sparse array indices are integers\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: disallow \u003ccode\u003e__proto__\u003c/code\u003e keys in null-prototype object parsing\u003c/p\u003e\n\u003cp\u003eThis disallows \u003ccode\u003e__proto__\u003c/code\u003e keys in the \u003ccode\u003e\u0026quot;null\u0026quot;\u003c/code\u003e parse path so null-prototype object hydration cannot carry that key through parse/unflatten.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0f04d4d: fix: Properly handle \u003ccode\u003e__proto__\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e819f1ac: fix: better encoding for sparse arrays\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md\"\u003edevalue's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.8.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e206ca67: fix: force sparse arrays to allocate sparsely\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.8.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ec5115b0: feat: add \u003ccode\u003estringifyAsync\u003c/code\u003e for async serialization\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.7.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e8becc7c: fix: handle regexes consistently in uneval's value and reference formats\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.7.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edf2e284: feat: use native alternatives to encode/decode base64\u003c/li\u003e\n\u003cli\u003e498656e: feat: add \u003ccode\u003eDataView\u003c/code\u003e support\u003c/li\u003e\n\u003cli\u003ea210130: feat: whitelist \u003ccode\u003eFloat16Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edf2e284: feat: simplify TypedArray slices\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e5590634: fix: get \u003ccode\u003euneval\u003c/code\u003e type handling up to parity with \u003ccode\u003estringify\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e57f73fc: fix: correctly support boxed bigints and sentinel values\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.4\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: reject \u003ccode\u003e__proto__\u003c/code\u003e keys in malformed \u003ccode\u003eObject\u003c/code\u003e wrapper payloads\u003c/p\u003e\n\u003cp\u003eThis validates the \u003ccode\u003e\u0026quot;Object\u0026quot;\u003c/code\u003e parse path and throws when the wrapped value has an own \u003ccode\u003e__proto__\u003c/code\u003e key.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e40f1db1: fix: ensure sparse array indices are integers\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: disallow \u003ccode\u003e__proto__\u003c/code\u003e keys in null-prototype object parsing\u003c/p\u003e\n\u003cp\u003eThis disallows \u003ccode\u003e__proto__\u003c/code\u003e keys in the \u003ccode\u003e\u0026quot;null\u0026quot;\u003c/code\u003e parse path so null-prototype object hydration cannot carry that key through parse/unflatten.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0f04d4d: fix: Properly handle \u003ccode\u003e__proto__\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e819f1ac: fix: better encoding for sparse arrays\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/796ea83a76eb7e0f2af376f9c2c875f1d057f50f\"\u003e\u003ccode\u003e796ea83\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/152\"\u003e#152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/206ca6712fbc380a4571c59de9ab04b91110792d\"\u003e\u003ccode\u003e206ca67\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/14933f78ff6b712829162628682b0a1993e75d19\"\u003e\u003ccode\u003e14933f7\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/151\"\u003e#151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/c5115b0074ec298fb4077f6cee5616cefbd13902\"\u003e\u003ccode\u003ec5115b0\u003c/code\u003e\u003c/a\u003e feat: \u003ccode\u003estringifyAsync\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/150\"\u003e#150\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/67dad450b5db18ea9aa3059d334d8b0ee6704d9e\"\u003e\u003ccode\u003e67dad45\u003c/code\u003e\u003c/a\u003e docs: update README to reflect serialization stability non-goal (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/147\"\u003e#147\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/6eb920a7db6fe388f24f640d0e4e874a57f148fb\"\u003e\u003ccode\u003e6eb920a\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/8becc7c436f0d4f85e2e5b32cb49dcfdf4fdec42\"\u003e\u003ccode\u003e8becc7c\u003c/code\u003e\u003c/a\u003e fix: handle regexes consistently in uneval's value and reference formats (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/2eee2e435ea0ea3d495dc7a266486df95a4eb6ed\"\u003e\u003ccode\u003e2eee2e4\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/144\"\u003e#144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/498656e75d36dfc63a386240722bdeac63337b25\"\u003e\u003ccode\u003e498656e\u003c/code\u003e\u003c/a\u003e DataView support (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/5590634db53ed555d3ce2e2024924b30352a6afc\"\u003e\u003ccode\u003e5590634\u003c/code\u003e\u003c/a\u003e Improve platform types support (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/142\"\u003e#142\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sveltejs/devalue/compare/v2.0.1...v5.8.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for devalue since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 8.3.2 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v8.3.2...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.2.3 to 8.20.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an uninitialized memory disclosure issue in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\n(c0327ec1).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding a \u003ccode\u003eTypedArray\u003c/code\u003e (e.g. \u003ccode\u003eFloat32Array\u003c/code\u003e) as the \u003ccode\u003ereason\u003c/code\u003e argument for\n\u003ccode\u003ewebsocket.close()\u003c/code\u003e, rather than the supported string or \u003ccode\u003eBuffer\u003c/code\u003e types, caused\nuninitialized memory to be disclosed to the remote peer.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { deepStrictEqual } from 'node:assert';\r\nimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer(\n{ port: 0, skipUTF8Validation: true },\nfunction () {\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e, {\nskipUTF8Validation: true\n});\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ews.on('close', function (code, reason) {\r\n  deepStrictEqual(reason, Buffer.alloc(80));\r\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e}\n);\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.close(1000, new Float32Array(20));\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe issue was privately reported by \u003ca href=\"https://github.com/ChALkeR\"\u003eNikita Skovoroda\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e8.20.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded exports for the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and utilities for the\n\u003ccode\u003eSec-WebSocket-Extensions\u003c/code\u003e and \u003ccode\u003eSec-WebSocket-Protocol\u003c/code\u003e headers (d3503c1f).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.19.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003ecloseTimeout\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/websockets/ws/issues/2308\"\u003e#2308\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eHandled a forthcoming breaking change in Node.js core (19984854).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/843925544e2f4cffe445e0179947f56d6c5b608f\"\u003e\u003ccode\u003e8439255\u003c/code\u003e\u003c/a\u003e [dist] 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/d3503c1fd36a310985108f62b343bae18346ab67\"\u003e\u003ccode\u003ed3503c1\u003c/code\u003e\u003c/a\u003e [minor] Export the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and header utils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/3ee5349a0b1580f6e1f347b59ec3371011bd8481\"\u003e\u003ccode\u003e3ee5349\u003c/code\u003e\u003c/a\u003e [api] Convert the \u003ccode\u003eisServer\u003c/code\u003e and \u003ccode\u003emaxPayload\u003c/code\u003e parameters to options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/91707b470ebd803aaa3fd1e896217740f39267d4\"\u003e\u003ccode\u003e91707b4\u003c/code\u003e\u003c/a\u003e [doc] Add missing space\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/8b553192268810a83253e2a4a39ac16768e75bb3\"\u003e\u003ccode\u003e8b55319\u003c/code\u003e\u003c/a\u003e [pkg] Update eslint to version 10.0.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/websockets/ws/compare/8.2.3...8.20.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.12.1 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/cd24cc07ef6558b7f6510f9177f6393c91b0549f\"\u003e\u003ccode\u003ecd24cc0\u003c/code\u003e\u003c/a\u003e chore: Update TS 5.7 (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17053\"\u003e#17053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bn.js` from 4.11.9 to 4.12.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/39fe4389c773327ed15f29f77f8b7dbbff4beb4c\"\u003e\u003ccode\u003e39fe438\u003c/code\u003e\u003c/a\u003e 4.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/67ecb35dabaf252001b649c12d69c4b57deac6f6\"\u003e\u003ccode\u003e67ecb35\u003c/code\u003e\u003c/a\u003e backport(4.x): fix imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/c4098bac2470418f8e0f6bf11fe0cb676a2b9047\"\u003e\u003ccode\u003ec4098ba\u003c/code\u003e\u003c/a\u003e 4.12.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/6277fd705e51edae1c404c65f03ba2e512706945\"\u003e\u003ccode\u003e6277fd7\u003c/code\u003e\u003c/a\u003e backport(4.x): Fix imuln/muln with zero (backport of \u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/ac0d4afaae91701815b9edc19789e44e7690d688\"\u003e\u003ccode\u003eac0d4af\u003c/code\u003e\u003c/a\u003e 4.12.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/a5f14b43ec61bc7cafc6de2e7444913b9f581b00\"\u003e\u003ccode\u003ea5f14b4\u003c/code\u003e\u003c/a\u003e Fix serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/309\"\u003e#309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/0cd2661b9d08512263c940662586042ef8aaccc6\"\u003e\u003ccode\u003e0cd2661\u003c/code\u003e\u003c/a\u003e Remove package-lock.json added by npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/84ae31344a557abb78ddabe3bac923b7503e4fb5\"\u003e\u003ccode\u003e84ae313\u003c/code\u003e\u003c/a\u003e 4.12.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/967ed0a50a9400bbbd83b450550cf37f7fa178b9\"\u003e\u003ccode\u003e967ed0a\u003c/code\u003e\u003c/a\u003e fix: Buffer not using global in browser (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/260\"\u003e#260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/61962320d7907a1a4d03a665782cb2733160c907\"\u003e\u003ccode\u003e6196232\u003c/code\u003e\u003c/a\u003e Fix LE constructor for HEX (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/indutny/bn.js/compare/v4.11.9...v4.12.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cipher-base` from 1.0.4 to 1.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md\"\u003ecipher-base's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.6...v1.0.7\"\u003ev1.0.7\u003c/a\u003e - 2025-09-24\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003eto-buffer\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/fd1e5eeafccbc8eaa827ee6b9b60c14608aa784f\"\u003e\u003ccode\u003efd1e5ee\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/08ba8034223a53d300b7dccf33d8f14e52379a34\"\u003e\u003ccode\u003e08ba803\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.5...v1.0.6\"\u003ev1.0.6\u003c/a\u003e - 2024-11-26\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] io.js 3.0 - Node.js 5.3 typed array support \u003ca href=\"https://github.com/browserify/cipher-base/commit/b7ddd2ac24e65cc47befc1e0eb5026422f8ab037\"\u003e\u003ccode\u003eb7ddd2a\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.4...v1.0.5\"\u003ev1.0.5\u003c/a\u003e - 2024-11-17\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Tests] standard -\u0026gt; eslint, make test dir, etc \u003ca href=\"https://github.com/browserify/cipher-base/commit/ae02fd6624c41ac4ac18077be797111d1955bc76\"\u003e\u003ccode\u003eae02fd6\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] migrate from travis to GHA \u003ca href=\"https://github.com/browserify/cipher-base/commit/66387d71461287ad9067bb1bcbfdc47403a33ee7\"\u003e\u003ccode\u003e66387d7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix package.json indentation \u003ca href=\"https://github.com/browserify/cipher-base/commit/5c02918ac58c875ed36913c2dc3e1043f4d1c99c\"\u003e\u003ccode\u003e5c02918\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] return valid values on multi-byte-wide TypedArray input \u003ca href=\"https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294\"\u003e\u003ccode\u003e8fd1364\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/88dc806806d3dc41444dbf639c87c00f82c949b3\"\u003e\u003ccode\u003e88dc806\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003enpmignore\u003c/code\u003e and \u003ccode\u003esafe-publish-latest\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/7a137d749ce7ea7ea56b9c096844b1b8ab723f61\"\u003e\u003ccode\u003e7a137d7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly apps should have lockfiles \u003ca href=\"https://github.com/browserify/cipher-base/commit/42528f291db16bf2e7d5f831ebe2ad87fd0b1f42\"\u003e\u003ccode\u003e42528f2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003einherits\u003c/code\u003e, \u003ccode\u003esafe-buffer\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/0e7a2d9a33a391e82fa9cf512d6e25cc91ab8613\"\u003e\u003ccode\u003e0e7a2d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add missing \u003ccode\u003eengines.node\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/f2dc13e47bbcf3c873db9a9e0f83e5f29d0783fe\"\u003e\u003ccode\u003ef2dc13e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/00567180c846dd3db3848c9223991c58a0d5490c\"\u003e\u003ccode\u003e0056718\u003c/code\u003e\u003c/a\u003e v1.0.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/fd1e5eeafccbc8eaa827ee6b9b60c14608aa784f\"\u003e\u003ccode\u003efd1e5ee\u003c/code\u003e\u003c/a\u003e [Refactor] use \u003ccode\u003eto-buffer\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/08ba8034223a53d300b7dccf33d8f14e52379a34\"\u003e\u003ccode\u003e08ba803\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/f5249f94611506ef35a8be4d48a3fc5ecf1fac63\"\u003e\u003ccode\u003ef5249f9\u003c/code\u003e\u003c/a\u003e v1.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/b7ddd2ac24e65cc47befc1e0eb5026422f8ab037\"\u003e\u003ccode\u003eb7ddd2a\u003c/code\u003e\u003c/a\u003e [Fix] io.js 3.0 - Node.js 5.3 typed array support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/f03cebfdad1cba1d56614c58affa303b0fa2a43e\"\u003e\u003ccode\u003ef03cebf\u003c/code\u003e\u003c/a\u003e v1.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/88dc806806d3dc41444dbf639c87c00f82c949b3\"\u003e\u003ccode\u003e88dc806\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/7a137d749ce7ea7ea56b9c096844b1b8ab723f61\"\u003e\u003ccode\u003e7a137d7\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003enpmignore\u003c/code\u003e and \u003ccode\u003esafe-publish-latest\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/5c02918ac58c875ed36913c2dc3e1043f4d1c99c\"\u003e\u003ccode\u003e5c02918\u003c/code\u003e\u003c/a\u003e [meta] fix package.json indentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294\"\u003e\u003ccode\u003e8fd1364\u003c/code\u003e\u003c/a\u003e [Fix] return valid values on multi-byte-wide TypedArray input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/crypto-browserify/cipher-base/compare/v1.0.4...v1.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ljharb\"\u003eljharb\u003c/a\u003e, a new releaser for cipher-base since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.1.1 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.1.1...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.9.0 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.9.0...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.6 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776\"\u003e#1776\u003c/a\u003e) - 2954e7e\u003c/li\u003e\n\u003cli\u003eFix compiling of each block params in strict mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855\"\u003e#1855\u003c/a\u003e) - 30dbf04\u003c/li\u003e\n\u003cli\u003eFix rollup warning when importing Handlebars as ESM - 03d387b\u003c/li\u003e\n\u003cli\u003eFix bundler issue with webpack 5 (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862\"\u003e#1862\u003c/a\u003e) - c6c6bbb\u003c/li\u003e\n\u003cli\u003eUse https instead of git for mustache submodule - 88ac068\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.8\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8 - July 27th, 2023\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776\"\u003e#1776\u003c/a\u003e) - 2954e7e\u003c/li\u003e\n\u003cli\u003eFix compiling of each block params in strict mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855\"\u003e#1855\u003c/a\u003e) - 30dbf04\u003c/li\u003e\n\u003cli\u003eFix rollup warning when importing Handlebars as ESM - 03d387b\u003c/li\u003e\n\u003cli\u003eFix bundler issue with webpack 5 (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862\"\u003e#1862\u003c/a\u003e) - c6c6bbb\u003c/li\u003e\n...\n\n_Description has been truncated_","html_url":"https://github.com/jcstein/next.js/pull/19","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jcstein%2Fnext.js/issues/19","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/19/packages"},{"uuid":"4507692225","node_id":"PR_kwDOPFeS3s7emKqp","number":25,"state":"open","title":"build(deps): bump the npm_and_yarn group across 3 directories with 21 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-23T09:51:47.000Z","updated_at":"2026-05-23T09:52:16.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"npm_and_yarn","update_count":21,"packages":[{"name":"glob","old_version":"10.4.5","new_version":"10.5.0","repository_url":"https://github.com/isaacs/node-glob"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"diff","old_version":"7.0.0","new_version":"9.0.0","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"@modelcontextprotocol/sdk","old_version":"1.15.1","new_version":"1.29.0","repository_url":"https://github.com/modelcontextprotocol/typescript-sdk"},{"name":"@opentelemetry/sdk-node","old_version":"0.52.1","new_version":"0.218.0","repository_url":"https://github.com/open-telemetry/opentelemetry-js"},{"name":"ajv","old_version":"8.17.1","new_version":"8.18.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"simple-git","old_version":"3.28.0","new_version":"3.36.0","repository_url":"https://github.com/steveukx/git-js"},{"name":"undici","old_version":"7.10.0","new_version":"7.25.0","repository_url":"https://github.com/nodejs/undici"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"js-yaml","old_version":"4.1.0","new_version":"4.1.1","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jws","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"path-to-regexp","old_version":"8.2.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"picomatch","old_version":"4.0.2","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"4.44.0","new_version":"4.60.4","repository_url":"https://github.com/rollup/rollup"},{"name":"vite","old_version":"7.0.0","new_version":"7.3.3","repository_url":"https://github.com/vitejs/vite"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 18 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [glob](https://github.com/isaacs/node-glob) | `10.4.5` | `10.5.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [diff](https://github.com/kpdecker/jsdiff) | `7.0.0` | `9.0.0` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.15.1` | `1.29.0` |\n| [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js) | `0.52.1` | `0.218.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.18.0` |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.36.0` |\n| [undici](https://github.com/nodejs/undici) | `7.10.0` | `7.25.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.2.0` | `8.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.2` | `4.0.4` |\n| [rollup](https://github.com/rollup/rollup) | `4.44.0` | `4.60.4` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.0.0` | `7.3.3` |\n\nBumps the npm_and_yarn group with 10 updates in the /packages/core directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [glob](https://github.com/isaacs/node-glob) | `10.4.5` | `12.0.0` |\n| [diff](https://github.com/kpdecker/jsdiff) | `7.0.0` | `8.0.3` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.12.3` | `1.29.0` |\n| [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js) | `0.52.1` | `0.217.0` |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.36.0` |\n| [undici](https://github.com/nodejs/undici) | `7.10.0` | `7.24.0` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.3` | `7.6.1` |\n| [rollup](https://github.com/rollup/rollup) | `4.43.0` | `4.60.4` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.3.5` | `7.3.3` |\n\nBumps the npm_and_yarn group with 8 updates in the /packages/vscode-ide-companion directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.15.1` | `1.26.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.2` | `2.1.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.2.0` | `8.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\n\nUpdates `glob` from 10.4.5 to 10.5.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-glob/commit/56774ef73b495eb0b17cdd0f42921f5ef62297c1\"\u003e\u003ccode\u003e56774ef\u003c/code\u003e\u003c/a\u003e 10.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f\"\u003e\u003ccode\u003e1e4e297\u003c/code\u003e\u003c/a\u003e bin: Do not expose filenames to shell expansion\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/isaacs/node-glob/compare/v10.4.5...v10.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `diff` from 7.0.0 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.0\u003c/h2\u003e\n\u003cp\u003e(All changes part of PR \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/672\"\u003e#672\u003c/a\u003e.)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eES5 support is dropped\u003c/strong\u003e. \u003ccode\u003eparsePatch\u003c/code\u003e now uses \u003ccode\u003eTextDecoder\u003c/code\u003e and \u003ccode\u003eUint8Array\u003c/code\u003e, which are not available in ES5, and TypeScript is now compiled with the \u0026quot;es6\u0026quot; \u003ccode\u003etarget\u003c/code\u003e. From now on, I intend to freely use any features that are deemed \u0026quot;Widely available\u0026quot; by \u003ca href=\"https://web.dev/baseline\"\u003eBaseline\u003c/a\u003e. Users who need ES5 support should stick to version 8.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eC-style quoted strings in filename headers are now properly supported\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eWhen the name of either the old or new file in a patch contains \u0026quot;special characters\u0026quot;, both GNU \u003ccode\u003ediff\u003c/code\u003e and Git quote the filename in the patch's headers and escape special characters using the same escape sequences that are used in string literals in C, including octal escapes for all non-ASCII characters. Previously, jsdiff had very little support for this; \u003ccode\u003eparsePatch\u003c/code\u003e would remove the quotes, and unescape any escaped backslashes, but would not unescape other escape sequences. \u003ccode\u003eformatPatch\u003c/code\u003e, meanwhile, did not quote or escape special characters at all.\u003c/p\u003e\n\u003cp\u003eNow, \u003ccode\u003eparsePatch\u003c/code\u003e parses all the possible escape sequences that GNU diff (or Git) ever output, and \u003ccode\u003eformatPatch\u003c/code\u003e quotes and escapes filenames containing special characters in the same way GNU diff does.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now omits file headers when \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e in the provided patch object are \u003ccode\u003eundefined\u003c/code\u003e\u003c/strong\u003e, regardless of the \u003ccode\u003eheaderOptions\u003c/code\u003e parameter. (Previously, it would treat the absence of \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e as indicating the filename was the word \u0026quot;undefined\u0026quot; and emit headers \u003ccode\u003e--- undefined\u003c/code\u003e / \u003ccode\u003e+++ undefined\u003c/code\u003e.)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer outputs trailing tab characters at the end of \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e headers.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePreviously, if \u003ccode\u003eformatPatch\u003c/code\u003e was passed a patch object to serialize that had empty strings for the \u003ccode\u003eoldHeader\u003c/code\u003e or \u003ccode\u003enewHeader\u003c/code\u003e property, it would include a trailing tab character after the filename in the \u003ccode\u003e---\u003c/code\u003e and/or \u003ccode\u003e+++\u003c/code\u003e file header. Now, this scenario is treated the same as when \u003ccode\u003eoldHeader\u003c/code\u003e/\u003ccode\u003enewHeader\u003c/code\u003e is \u003ccode\u003eundefined\u003c/code\u003e - i.e. the trailing tab is omitted.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer mutates its input\u003c/strong\u003e when serializing a patch containing a hunk where either the old or new content contained zero lines. (Such a hunk occurs only when the hunk has no context lines and represents a pure insertion or pure deletion, which for instance will occur whenever one of the two files being diffed is completely empty.) Previously \u003ccode\u003eformatPatch\u003c/code\u003e would provide the correct output but also mutate the \u003ccode\u003eoldLines\u003c/code\u003e or \u003ccode\u003enewLines\u003c/code\u003e property on the hunk, changing the meaning of the underlying patch.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eGit-style patches are now supported by \u003ccode\u003eparsePatch\u003c/code\u003e, \u003ccode\u003eformatPatch\u003c/code\u003e, and \u003ccode\u003ereversePatch\u003c/code\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003ePatches output by \u003ccode\u003egit diff\u003c/code\u003e can include some features that are unlike those output by GNU \u003ccode\u003ediff\u003c/code\u003e, and therefore not handled by an ordinary unified diff format parser. An ordinary diff simply describes the differences between the \u003cem\u003econtent\u003c/em\u003e of two files, but Git diffs can also indicate, via \u0026quot;extended headers\u0026quot;, the creation or deletion of (potentially empty) files, indicate that a file was renamed, and contain information about file mode changes. Furthermore, when these changes appear in a diff in the absence of a content change (e.g. when an empty file is created, or a file is renamed without content changes), the patch will contain no associated \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e file headers nor any hunks.\u003c/p\u003e\n\u003cp\u003ejsdiff previously did not support parsing Git's extended headers, nor hunkless patches. Now \u003ccode\u003eparsePatch\u003c/code\u003e parses some of the extended headers, parses hunkless Git patches, and can determine filenames (e.g. from the extended headers) when parsing a patch that includes no \u003ccode\u003e---\u003c/code\u003e or \u003ccode\u003e+++\u003c/code\u003e file headers. The additional information conveyed by the extended headers we support is recorded on new fields on the result object returned by \u003ccode\u003eparsePatch\u003c/code\u003e. See \u003ccode\u003eisGit\u003c/code\u003e and subsequent properties in the docs in the README.md file.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now outputs extended headers based on these new Git-specific properties, and \u003ccode\u003ereversePatch\u003c/code\u003e respects them as far as possible (with one unavoidable caveat noted in the README.md file).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eUnpaired file headers now cause \u003ccode\u003eparsePatch\u003c/code\u003e to throw\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eIt remains acceptable to have a patch with no file headers whatsoever (e.g. one that begins with a \u003ccode\u003e@@\u003c/code\u003e hunk header on the very first line), but a patch with \u003cem\u003eonly\u003c/em\u003e a \u003ccode\u003e---\u003c/code\u003e header or only a \u003ccode\u003e+++\u003c/code\u003e header is now considered an error.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eparsePatch\u003c/code\u003e is now more tolerant of \u0026quot;trailing garbage\u0026quot;\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThat is: after a patch, or between files/indexes in a patch, it is now acceptable to have arbitrary lines of \u0026quot;garbage\u0026quot; (so long as they unambiguously have no syntactic meaning - e.g. trailing garbage that leads with a \u003ccode\u003e+\u003c/code\u003e, \u003ccode\u003e-\u003c/code\u003e, or \u003ccode\u003e \u003c/code\u003e and thus is interpretable as part of a hunk still triggers a throw).\u003c/p\u003e\n\u003cp\u003eThis means we no longer reject patches output by tools that include extra data in \u0026quot;garbage\u0026quot; lines not understood by generic unified diff parsers. (For example, SVN patches can include \u0026quot;Property changes on:\u0026quot; lines that generic unified diff parsers should discard as garbage; jsdiff previously threw errors when encountering them.)\u003c/p\u003e\n\u003cp\u003eThis change brings jsdiff's behaviour more in line with GNU \u003ccode\u003epatch\u003c/code\u003e, which is highly permissive of \u0026quot;garbage\u0026quot;.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThe \u003ccode\u003eoldFileName\u003c/code\u003e and \u003ccode\u003enewFileName\u003c/code\u003e fields of \u003ccode\u003eStructuredPatch\u003c/code\u003e are now typed as \u003ccode\u003estring | undefined\u003c/code\u003e instead of \u003ccode\u003estring\u003c/code\u003e\u003c/strong\u003e. This type change reflects the (pre-existing) reality that \u003ccode\u003eparsePatch\u003c/code\u003e can produce patches without filenames (e.g. when parsing a patch that simply contains hunks with no file headers).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/667\"\u003e#667\u003c/a\u003e - \u003cstrong\u003efix another bug in \u003ccode\u003ediffWords\u003c/code\u003e when used with an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e\u003c/strong\u003e. If the text to be diffed included a combining mark after a whitespace character (i.e. roughly speaking, an accented space), \u003ccode\u003ediffWords\u003c/code\u003e would previously crash. Now this case is handled correctly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/631\"\u003e#631\u003c/a\u003e - \u003cstrong\u003efix support for using an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e with \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e. This has been almost completely broken since the feature was added in v6.0.0, since it would outright crash on any text that featured two consecutive newlines between a pair of words (a very common case).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/635\"\u003e#635\u003c/a\u003e - \u003cstrong\u003esmall tweaks to tokenization behaviour of \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e when used \u003cem\u003ewithout\u003c/em\u003e an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e. Specifically, the soft hyphen (U+00AD) is no longer considered to be a word break, and the multiplication and division signs (\u003ccode\u003e×\u003c/code\u003e and \u003ccode\u003e÷\u003c/code\u003e) are now treated as punctuation instead of as letters / word characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/ed13aca03aa25735fafc0645d1185e7a1c68fd8c\"\u003e\u003ccode\u003eed13aca\u003c/code\u003e\u003c/a\u003e Update version in package.json and in release notes (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/683\"\u003e#683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/7a49317b503a932b88fc72ad9c57a481df038e24\"\u003e\u003ccode\u003e7a49317\u003c/code\u003e\u003c/a\u003e Bump dependencies again (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/682\"\u003e#682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/afe5aecad189c9f5941ad3feb3c94c46b32ecb0a\"\u003e\u003ccode\u003eafe5aec\u003c/code\u003e\u003c/a\u003e Add Git support, and otherwise variously improve \u0026amp; fix parsePatch (and other ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/2e46779d8866ce7da1303a03db33ed038590c6f6\"\u003e\u003ccode\u003e2e46779\u003c/code\u003e\u003c/a\u003e Fix a typo (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/679\"\u003e#679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/dd2f99497703a1540b2ae406b51c49b74b5fc1a1\"\u003e\u003ccode\u003edd2f994\u003c/code\u003e\u003c/a\u003e 8.0.4 release (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/678\"\u003e#678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/3cc438434db53c5d1c40412b727ea7650f6f145a\"\u003e\u003ccode\u003e3cc4384\u003c/code\u003e\u003c/a\u003e Update docs on releasing to reflect migration to yarn berry (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/6fc2aa6b7672af08774b50aae00d97b99c5b5715\"\u003e\u003ccode\u003e6fc2aa6\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/af7393ac3404565dc8da655c2e7aeeed28c01ff7\"\u003e\u003ccode\u003eaf7393a\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4b5d1800370bf29b61a3378fb8086aeb231d3ef7\"\u003e\u003ccode\u003e4b5d180\u003c/code\u003e\u003c/a\u003e Fix another bug in diffWords's \u0026quot;intlSegmenter\u0026quot; mode (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/10da50c466709e7bd4b192dac96af0af46f8b7bd\"\u003e\u003ccode\u003e10da50c\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/666\"\u003e#666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/7.0.0...v9.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@modelcontextprotocol/sdk` from 1.15.1 to 1.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"\u003e@​modelcontextprotocol/sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.29.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1749\"\u003emodelcontextprotocol/typescript-sdk#1749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: disallow null (infinite) requested TTL by \u003ca href=\"https://github.com/LucaButBoring\"\u003e\u003ccode\u003e@​LucaButBoring\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1339\"\u003emodelcontextprotocol/typescript-sdk#1339\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: add missing size field to ResourceSchema by \u003ca href=\"https://github.com/olaservo\"\u003e\u003ccode\u003e@​olaservo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1575\"\u003emodelcontextprotocol/typescript-sdk#1575\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd typings exports by \u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x npm audit fix by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1780\"\u003emodelcontextprotocol/typescript-sdk#1780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1773\"\u003emodelcontextprotocol/typescript-sdk#1773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Allow servers / clients to advertise extensions in the capability object by \u003ca href=\"https://github.com/localden\"\u003e\u003ccode\u003e@​localden\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1811\"\u003emodelcontextprotocol/typescript-sdk#1811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(stdio): always set windowsHide on Windows, not just in Electron by \u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.29.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1820\"\u003emodelcontextprotocol/typescript-sdk#1820\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.28.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: use scopes_supported from resource metadata by default (fixes \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/580\"\u003e#580\u003c/a\u003e) by \u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1611\"\u003emodelcontextprotocol/typescript-sdk#1611\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: reject plain JSON Schema objects passed as inputSchema by \u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: clear _timeoutInfo in _onclose() and scope .finally() abort controller cleanup by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1462\"\u003emodelcontextprotocol/typescript-sdk#1462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(server/auth): RFC 8252 loopback port relaxation by \u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.28.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1746\"\u003emodelcontextprotocol/typescript-sdk#1746\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: implement auth/pre-registration conformance scenario by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1545\"\u003emodelcontextprotocol/typescript-sdk#1545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add governance documentation for SEP-1730 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1547\"\u003emodelcontextprotocol/typescript-sdk#1547\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: comprehensive feature documentation for SEP-1730 Tier 1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1548\"\u003emodelcontextprotocol/typescript-sdk#1548\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent command injection in example URL opening (v1.x backport) by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1579\"\u003emodelcontextprotocol/typescript-sdk#1579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: call onerror for silently swallowed transport errors by \u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.27.1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1581\"\u003emodelcontextprotocol/typescript-sdk#1581\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/e12cbd7078db388152f6e839abdbe09ba01f3f32\"\u003e\u003ccode\u003ee12cbd7\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.29.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/3913fd4443a86536155e3ebef9edd2045c372c1e\"\u003e\u003ccode\u003e3913fd4\u003c/code\u003e\u003c/a\u003e fix(stdio): always set windowsHide on Windows, not just in Electron (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1640\"\u003e#1640\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/5608e78dd0d4ca6cd7dd03278419578f1780365a\"\u003e\u003ccode\u003e5608e78\u003c/code\u003e\u003c/a\u003e [v1.x backport] Allow servers / clients to advertise extensions in the capabi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/7213816788e634ffb9d09affe50f0295093bfb73\"\u003e\u003ccode\u003e7213816\u003c/code\u003e\u003c/a\u003e v1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1773\"\u003e#1773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/364f38ca2d8895aed7c37b7a0a1031bb7ae4841c\"\u003e\u003ccode\u003e364f38c\u003c/code\u003e\u003c/a\u003e v1.x npm audit fix (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/c95cc0943b045517e4cc414baf1f168b216c3142\"\u003e\u003ccode\u003ec95cc09\u003c/code\u003e\u003c/a\u003e Add typings exports (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/ddadaa6cc633fb5db0c094bf031b15b68a357820\"\u003e\u003ccode\u003eddadaa6\u003c/code\u003e\u003c/a\u003e [v1.x] fix: add missing size field to ResourceSchema (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/2a158513028d9f862c4188b6957e78cd5663f26b\"\u003e\u003ccode\u003e2a15851\u003c/code\u003e\u003c/a\u003e [v1.x] fix: disallow null (infinite) requested TTL (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1339\"\u003e#1339\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/13e30f1d36de8442417fec695983bdb155c00768\"\u003e\u003ccode\u003e13e30f1\u003c/code\u003e\u003c/a\u003e fix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1749\"\u003e#1749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0565695218544fc53e99bf5b544a887d373cefa\"\u003e\u003ccode\u003ea056569\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.28.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1746\"\u003e#1746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.15.1...v1.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~pcarleton\"\u003epcarleton\u003c/a\u003e, a new releaser for \u003ccode\u003e@​modelcontextprotocol/sdk\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@opentelemetry/sdk-node` from 0.52.1 to 0.218.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/releases\"\u003e@​opentelemetry/sdk-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eexperimental/v0.218.0\u003c/h2\u003e\n\u003ch2\u003e0.218.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs metrics serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6629\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): show all config validation errors, if there are multiple \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6683\"\u003e#6683\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): allow startNodeSDK() without an arg \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6688\"\u003e#6688\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6691\"\u003e#6691\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(sdk-logs): use \u003ccode\u003eLogger.enabled()\u003c/code\u003e within \u003ccode\u003eLogger.emit()\u003c/code\u003e implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6680\"\u003e#6680\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.217.0\u003c/h2\u003e\n\u003ch2\u003e0.217.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs trace serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6625\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using \u003ccode\u003ejson-schema-to-typescript\u003c/code\u003e and \u003ccode\u003eajv\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6533\"\u003e#6533\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration, sdk-node): \u003ccode\u003estartNodeSDK()\u003c/code\u003e code path now uses \u003ccode\u003elog_level\u003c/code\u003e configuration to setup a DiagConsoleLogger \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6668\"\u003e#6668\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eNote that allowed values for \u003ccode\u003elog_level\u003c/code\u003e in a configuration YAML file are \u003cem\u003enot\u003c/em\u003e the same set as for \u003ccode\u003eOTEL_LOG_LEVEL\u003c/code\u003e. Use \u003ccode\u003elog_level: trace\u003c/code\u003e to see \u003cem\u003eall\u003c/em\u003e logs (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=ALL\u003c/code\u003e). Use \u003ccode\u003elog_level: fatal\u003c/code\u003e to effectively disable the SDK's internal diagnostic logger (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=NONE\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eIf \u003ccode\u003elog_level\u003c/code\u003e is not specified, a diagnostic console logger at \u0026quot;info\u0026quot; level will be setup.\u003c/li\u003e\n\u003cli\u003eAn invalid YAML config file will now result in a noop OTel SDK.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(configuration): do not validate \u003ccode\u003eOTEL_CONFIG_FILE\u003c/code\u003e value before using it for file config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6643\"\u003e#6643\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6650\"\u003e#6650\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6657\"\u003e#6657\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve handling of enums in generated types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6659\"\u003e#6659\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve the technique for removing '| null' on types the JSON Schema \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6662\"\u003e#6662\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sampler-jaeger-remote): add missing axios dep \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6656\"\u003e#6656\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6674\"\u003e#6674\u003c/a\u003e \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.216.0\u003c/h2\u003e\n\u003ch2\u003e0.216.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sdk-node): wire attribute_keys from declarative configuration to ViewOptions.attributesProcessors \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6427\"\u003e#6427\u003c/a\u003e \u003ca href=\"https://github.com/ravitheja4531-cell\"\u003e\u003ccode\u003e@​ravitheja4531-cell\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): set TracerProvider in startNodeSDK() \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6607\"\u003e#6607\u003c/a\u003e \u003ca href=\"https://github.com/maryliag\"\u003e\u003ccode\u003e@​maryliag\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(instrumentation-xml-http-request): avoid unwrapping \u003ccode\u003eXMLHttpRequest\u003c/code\u003e API when disabling \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6611\"\u003e#6611\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(instrumentation-fetch): tolerate non-writable \u003ccode\u003eglobalThis.fetch\u003c/code\u003e and fix premature \u003ccode\u003e_isEnabled\u003c/code\u003e / \u003ccode\u003e_isFetchPatched\u003c/code\u003e flips in \u003ccode\u003eenable()\u003c/code\u003e \u003ca href=\"https://github.com/brunorodmoreira\"\u003e\u003ccode\u003e@​brunorodmoreira\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/06ad0eaaecbd49f5ead871325f852cc2a3454079\"\u003e\u003ccode\u003e06ad0ea\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6703\"\u003e#6703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/38ca257e64ebd13f5603d5539f8a48d6d9232037\"\u003e\u003ccode\u003e38ca257\u003c/code\u003e\u003c/a\u003e feat(otlp-transformer): replace protobufjs metrics serialization with custom ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/013c60085b84351a4c1e4e4f79e3dd67c56661cd\"\u003e\u003ccode\u003e013c600\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6699\"\u003e#6699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/b7a0c63bde39d7916fdb73cbb3d64cf1c93282c5\"\u003e\u003ccode\u003eb7a0c63\u003c/code\u003e\u003c/a\u003e feat(semantic-conventions): update semantic conventions to v1.41.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6695\"\u003e#6695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/774143b2c6667c6537c000ab48ea5ce998278ca0\"\u003e\u003ccode\u003e774143b\u003c/code\u003e\u003c/a\u003e chore(renovate): add minimumReleaseAge to config (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6697\"\u003e#6697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/e0dafe0d9fadaccf7dd8d7b02dd85531356e2ac1\"\u003e\u003ccode\u003ee0dafe0\u003c/code\u003e\u003c/a\u003e fix(otlp-exporter-base): remove brackets from IPv6 hostname in HTTP transport...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/f804c93d1d6d903036b8bf38f8c3713dbbaf0360\"\u003e\u003ccode\u003ef804c93\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action digest to 68bde55 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6682\"\u003e#6682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/95e48e7afcc475ded350b95b43070c54591ecbbb\"\u003e\u003ccode\u003e95e48e7\u003c/code\u003e\u003c/a\u003e refactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/907b627d9ada25844b0f06551ecd9bbda5c0ea4f\"\u003e\u003ccode\u003e907b627\u003c/code\u003e\u003c/a\u003e feat(sdk-node): allow startNodeSDK() without an arg (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6688\"\u003e#6688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/0d1526198fafe7f90078ff353103d0427e6c64d4\"\u003e\u003ccode\u003e0d15261\u003c/code\u003e\u003c/a\u003e docs: Add SIG meeting info and welcoming language (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6689\"\u003e#6689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.52.1...experimental/v0.218.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​opentelemetry/sdk-node\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.17.1 to 8.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/f06766f33ed7291f84c19f22a1286a34475fbdaf\"\u003e\u003ccode\u003ef06766f\u003c/code\u003e\u003c/a\u003e feat: allow tree-shaking by adding ``\u0026quot;sideEffects\u0026quot;: false\u003ccode\u003eto\u003c/code\u003epackage.json` ...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `simple-git` from 3.28.0 to 3.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/releases\"\u003esimple-git's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esimple-git@3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.33.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea263635: Use \u003ccode\u003epathspec\u003c/code\u003e wrappers for remote and local paths when running either \u003ccode\u003egit.clone\u003c/code\u003e or \u003ccode\u003egit.mirror\u003c/code\u003e to\navoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ee253a0d: Enhanced \u003ccode\u003egit -c\u003c/code\u003e checks in \u003ccode\u003eunsafe\u003c/code\u003e plugin.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/JohannesLks\"\u003e\u003ccode\u003e@​JohannesLks\u003c/code\u003e\u003c/a\u003e for identifying the issue\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.32.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ef704208: Enhanced \u003ccode\u003eprotocol.allow\u003c/code\u003e checks in \u003ccode\u003eallowUnsafeExtProtocol\u003c/code\u003e handling.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md\"\u003esimple-git's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e3d8708b: Updating publish config\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [3d8708b]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.34.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/7dc1a532a9ec92fb08c93202954be73175b07d83\"\u003e\u003ccode\u003e7dc1a53\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/76f5376bd418cb8baf5ec32757af442d47128e22\"\u003e\u003ccode\u003e76f5376\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1061\"\u003e#1061\u003c/a\u003e from Vinzent03/fix/buffer-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/89a2294febed5dfe737c4c735d936bb6018746a8\"\u003e\u003ccode\u003e89a2294\u003c/code\u003e\u003c/a\u003e Environment Parsing (\u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1156\"\u003e#1156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/1b91b762f047777ca6686f34ac3f7b8a543a4780\"\u003e\u003ccode\u003e1b91b76\u003c/code\u003e\u003c/a\u003e fix: remove explicit node:buffer import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/e390685960a3461875dce89d87ab80e3143d79fe\"\u003e\u003ccode\u003ee390685\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/3c9e4b8309667d0cb4102cda770f92075fc781dd\"\u003e\u003ccode\u003e3c9e4b8\u003c/code\u003e\u003c/a\u003e Pin version of \u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/94ee21fd5a2a6182fbf0f218a5efca2057b567cd\"\u003e\u003ccode\u003e94ee21f\u003c/code\u003e\u003c/a\u003e Export \u003ccode\u003epathspec\u003c/code\u003e types through \u003ccode\u003esimple-git\u003c/code\u003e for backward compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/6d7cb5174273aa33d131172d3770cb386e795171\"\u003e\u003ccode\u003e6d7cb51\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/0de400e7b014a48113acf673b3409a95b9c87a15\"\u003e\u003ccode\u003e0de400e\u003c/code\u003e\u003c/a\u003e Switch to semver from workspace revisions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/2264722abcb637042dd4cc50d903d69e4ee14b38\"\u003e\u003ccode\u003e2264722\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/steveukx/git-js/commits/simple-git@3.36.0/simple-git\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for simple-git since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.10.0 to 7.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport 401 stream-backed body fix to v7.x by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5006\"\u003enodejs/undici#5006\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update broken links in file \u0026quot;Dispatcher.md\u0026quot; by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: remove unused parameter \u003ccode\u003eredirectionLimitReached\u003c/code\u003e by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4933\"\u003enodejs/undici#4933\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip flaky macOS Node 20 cookie fetch cases by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4932\"\u003enodejs/undici#4932\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): align Response with DOM fetch types by \u003ca href=\"https://github.com/theamodhshetty\"\u003e\u003ccode\u003e@​theamodhshetty\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4867\"\u003enodejs/undici#4867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): Fix clone method type declaration to be an instance method rather than instance property by \u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip IPv6 tests when IPv6 is not available by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4939\"\u003enodejs/undici#4939\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: correctly handle multi-value rawHeaders in fetch by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4938\"\u003enodejs/undici#4938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eignore AGENTS.md by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4942\"\u003enodejs/undici#4942\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(test): client wasm compatible with clang 22 by \u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mock): improve error message when intercepts are exhausted by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4912\"\u003enodejs/undici#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(websocket): support open diagnostics over h2 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4921\"\u003enodejs/undici#4921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: assume http/https scheme for scheme-less proxy env vars by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4914\"\u003enodejs/undici#4914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cache): check Authorization on request headers per RFC 9111 §3.5 by \u003ca href=\"https://github.com/metalix2\"\u003e\u003ccode\u003e@​metalix2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4911\"\u003enodejs/undici#4911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: wrap kConnector call in try/catch to prevent client hang by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify fetch and FormData pairing by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4922\"\u003enodejs/undici#4922\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: support Connection header with connection-specific header names per RFC 7230 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4775\"\u003enodejs/undici#4775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid prototype collisions in parseHeaders by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4923\"\u003enodejs/undici#4923\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump typescript from 5.9.3 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4926\"\u003enodejs/undici#4926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: auto-init WPT submodule by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4930\"\u003enodejs/undici#4930\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/12d9045923b7caebb1ae6975ef34c29dbcfd95d0\"\u003e\u003ccode\u003e12d9045\u003c/code\u003e\u003c/a\u003e Bumped v7.25.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7a6f7febb30a30748a04f38c21e3641c77d21b0e\"\u003e\u003ccode\u003e7a6f7fe\u003c/code\u003e\u003c/a\u003e Bumped v7.24.8 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5020\"\u003e#5020\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1f85ae4b27ed6401e7ccc35eb546ad2e5976121f\"\u003e\u003ccode\u003e1f85ae4\u003c/code\u003e\u003c/a\u003e fix: avoid 401 failures for stream-backed request bodies (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4941\"\u003e#4941\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5006\"\u003e#5006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c6610674dfad7c205ddf0f27831133973ad7894e\"\u003e\u003ccode\u003ec661067\u003c/code\u003e\u003c/a\u003e chore: update v7.x maintenance release flow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84f23e2a19cd0f585579c4257d801e4ec2d65dbd\"\u003e\u003ccode\u003e84f23e2\u003c/code\u003e\u003c/a\u003e Bumped v7.24.7 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4947\"\u003e#4947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a770b1033201984b9e8082a9bf955414bff5dc2e\"\u003e\u003ccode\u003ea770b10\u003c/code\u003e\u003c/a\u003e ignore AGENTS.md (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4942\"\u003e#4942\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/6acd19beaf67c1a2d07bcd38f40d0b751a81e7cc\"\u003e\u003ccode\u003e6acd19b\u003c/code\u003e\u003c/a\u003e fix: correctly handle multi-value rawHeaders in fetch (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4938\"\u003e#4938\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1da1c747c7d6e01b93ab295e0efb86623f3c8e06\"\u003e\u003ccode\u003e1da1c74\u003c/code\u003e\u003c/a\u003e test: skip IPv6 tests when IPv6 is not available (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4939\"\u003e#4939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/04cb77327f7ada95c2e5b67424cddcb22d7bf882\"\u003e\u003ccode\u003e04cb773\u003c/code\u003e\u003c/a\u003e fix(types): Fix clone method type declaration to be an instance method rather...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5145a7c47080d1715b2723591def3a75b0c3ba63\"\u003e\u003ccode\u003e5145a7c\u003c/code\u003e\u003c/a\u003e fix(types): align Response with DOM fetch types (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4867\"\u003e#4867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.10.0...v7.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 l...\n\n_Description has been truncated_","html_url":"https://github.com/ahump20/gemini-cli/pull/25","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahump20%2Fgemini-cli/issues/25","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/25/packages"},{"uuid":"4507198611","node_id":"PR_kwDOQ5tu8c7eko6i","number":13,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 2 directories with 21 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-23T07:45:38.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-23T06:52:51.000Z","updated_at":"2026-05-23T07:45:40.000Z","time_to_close":3167,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":21,"packages":[{"name":"simple-git","old_version":"3.28.0","new_version":"3.36.0","repository_url":"https://github.com/steveukx/git-js"},{"name":"tar","old_version":"7.5.2","new_version":"7.5.11","repository_url":"https://github.com/isaacs/node-tar"},{"name":"@modelcontextprotocol/sdk","old_version":"1.23.0","new_version":"1.29.0","repository_url":"https://github.com/modelcontextprotocol/typescript-sdk"},{"name":"diff","old_version":"7.0.0","new_version":"9.0.0","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"undici","old_version":"7.15.0","new_version":"7.25.0","repository_url":"https://github.com/nodejs/undici"},{"name":"ajv","old_version":"8.17.1","new_version":"8.18.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"picomatch","old_version":"4.0.3","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"vite","old_version":"7.2.2","new_version":"7.3.2","repository_url":"https://github.com/vitejs/vite"},{"name":"@isaacs/brace-expansion","old_version":"5.0.0","new_version":"5.0.1"},{"name":"@tootallnate/once","old_version":"2.0.0","new_version":"2.0.1","repository_url":"https://github.com/TooTallNate/once"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"fast-xml-parser","old_version":"4.5.3","new_version":"5.8.0","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"jws","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"path-to-regexp","old_version":"8.2.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"rollup","old_version":"4.53.2","new_version":"4.60.4","repository_url":"https://github.com/rollup/rollup"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 19 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.36.0` |\n| [tar](https://github.com/isaacs/node-tar) | `7.5.2` | `7.5.11` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.23.0` | `1.29.0` |\n| [diff](https://github.com/kpdecker/jsdiff) | `7.0.0` | `9.0.0` |\n| [undici](https://github.com/nodejs/undici) | `7.15.0` | `7.25.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.18.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.2.2` | `7.3.2` |\n| @isaacs/brace-expansion | `5.0.0` | `5.0.1` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.5.3` | `5.8.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.2.0` | `8.4.2` |\n| [rollup](https://github.com/rollup/rollup) | `4.53.2` | `4.60.4` |\n\nBumps the npm_and_yarn group with 1 update in the /packages/core directory: [diff](https://github.com/kpdecker/jsdiff).\n\nUpdates `simple-git` from 3.28.0 to 3.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/releases\"\u003esimple-git's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esimple-git@3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.33.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea263635: Use \u003ccode\u003epathspec\u003c/code\u003e wrappers for remote and local paths when running either \u003ccode\u003egit.clone\u003c/code\u003e or \u003ccode\u003egit.mirror\u003c/code\u003e to\navoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ee253a0d: Enhanced \u003ccode\u003egit -c\u003c/code\u003e checks in \u003ccode\u003eunsafe\u003c/code\u003e plugin.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/JohannesLks\"\u003e\u003ccode\u003e@​JohannesLks\u003c/code\u003e\u003c/a\u003e for identifying the issue\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.32.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ef704208: Enhanced \u003ccode\u003eprotocol.allow\u003c/code\u003e checks in \u003ccode\u003eallowUnsafeExtProtocol\u003c/code\u003e handling.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md\"\u003esimple-git's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e3d8708b: Updating publish config\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [3d8708b]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.34.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/7dc1a532a9ec92fb08c93202954be73175b07d83\"\u003e\u003ccode\u003e7dc1a53\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/76f5376bd418cb8baf5ec32757af442d47128e22\"\u003e\u003ccode\u003e76f5376\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1061\"\u003e#1061\u003c/a\u003e from Vinzent03/fix/buffer-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/89a2294febed5dfe737c4c735d936bb6018746a8\"\u003e\u003ccode\u003e89a2294\u003c/code\u003e\u003c/a\u003e Environment Parsing (\u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1156\"\u003e#1156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/1b91b762f047777ca6686f34ac3f7b8a543a4780\"\u003e\u003ccode\u003e1b91b76\u003c/code\u003e\u003c/a\u003e fix: remove explicit node:buffer import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/e390685960a3461875dce89d87ab80e3143d79fe\"\u003e\u003ccode\u003ee390685\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/3c9e4b8309667d0cb4102cda770f92075fc781dd\"\u003e\u003ccode\u003e3c9e4b8\u003c/code\u003e\u003c/a\u003e Pin version of \u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/94ee21fd5a2a6182fbf0f218a5efca2057b567cd\"\u003e\u003ccode\u003e94ee21f\u003c/code\u003e\u003c/a\u003e Export \u003ccode\u003epathspec\u003c/code\u003e types through \u003ccode\u003esimple-git\u003c/code\u003e for backward compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/6d7cb5174273aa33d131172d3770cb386e795171\"\u003e\u003ccode\u003e6d7cb51\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/0de400e7b014a48113acf673b3409a95b9c87a15\"\u003e\u003ccode\u003e0de400e\u003c/code\u003e\u003c/a\u003e Switch to semver from workspace revisions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/2264722abcb637042dd4cc50d903d69e4ee14b38\"\u003e\u003ccode\u003e2264722\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/steveukx/git-js/commits/simple-git@3.36.0/simple-git\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for simple-git since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tar` from 7.5.2 to 7.5.11\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/bf776f673164215074b62749e0fe80e5834588f4\"\u003e\u003ccode\u003ebf776f6\u003c/code\u003e\u003c/a\u003e 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad\"\u003e\u003ccode\u003ef48b5fa\u003c/code\u003e\u003c/a\u003e prevent escaping symlinks with drive-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/97cff15d3539a37a4095eb3d287147d9d77c2dc3\"\u003e\u003ccode\u003e97cff15\u003c/code\u003e\u003c/a\u003e docs: more security info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1\"\u003e\u003ccode\u003e2b72abc\u003c/code\u003e\u003c/a\u003e 7.5.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f\"\u003e\u003ccode\u003e7bc755d\u003c/code\u003e\u003c/a\u003e parse root off paths before sanitizing .. parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/c8cb84629dee649feedde03f2f4ea48f2e44e778\"\u003e\u003ccode\u003ec8cb846\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/1f0c2c9006b10199cf2686f8ef43e79a1773e1aa\"\u003e\u003ccode\u003e1f0c2c9\u003c/code\u003e\u003c/a\u003e 7.5.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/fbb08518bf290733b68ca4d4135f75becf73fd75\"\u003e\u003ccode\u003efbb0851\u003c/code\u003e\u003c/a\u003e build minified version as default export\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/6b8eba0ef367ac937e703238daa6df94ae6f823f\"\u003e\u003ccode\u003e6b8eba0\u003c/code\u003e\u003c/a\u003e 7.5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384\"\u003e\u003ccode\u003e2cb1120\u003c/code\u003e\u003c/a\u003e fix(unpack): improve UnpackSync symlink error \u0026quot;into\u0026quot; path accuracy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/node-tar/compare/v7.5.2...v7.5.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~isaacs\"\u003eisaacs\u003c/a\u003e, a new releaser for tar since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@modelcontextprotocol/sdk` from 1.23.0 to 1.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"\u003e@​modelcontextprotocol/sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.29.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1749\"\u003emodelcontextprotocol/typescript-sdk#1749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: disallow null (infinite) requested TTL by \u003ca href=\"https://github.com/LucaButBoring\"\u003e\u003ccode\u003e@​LucaButBoring\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1339\"\u003emodelcontextprotocol/typescript-sdk#1339\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: add missing size field to ResourceSchema by \u003ca href=\"https://github.com/olaservo\"\u003e\u003ccode\u003e@​olaservo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1575\"\u003emodelcontextprotocol/typescript-sdk#1575\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd typings exports by \u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x npm audit fix by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1780\"\u003emodelcontextprotocol/typescript-sdk#1780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1773\"\u003emodelcontextprotocol/typescript-sdk#1773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Allow servers / clients to advertise extensions in the capability object by \u003ca href=\"https://github.com/localden\"\u003e\u003ccode\u003e@​localden\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1811\"\u003emodelcontextprotocol/typescript-sdk#1811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(stdio): always set windowsHide on Windows, not just in Electron by \u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.29.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1820\"\u003emodelcontextprotocol/typescript-sdk#1820\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.28.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: use scopes_supported from resource metadata by default (fixes \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/580\"\u003e#580\u003c/a\u003e) by \u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1611\"\u003emodelcontextprotocol/typescript-sdk#1611\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: reject plain JSON Schema objects passed as inputSchema by \u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: clear _timeoutInfo in _onclose() and scope .finally() abort controller cleanup by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1462\"\u003emodelcontextprotocol/typescript-sdk#1462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(server/auth): RFC 8252 loopback port relaxation by \u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.28.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1746\"\u003emodelcontextprotocol/typescript-sdk#1746\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: implement auth/pre-registration conformance scenario by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1545\"\u003emodelcontextprotocol/typescript-sdk#1545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add governance documentation for SEP-1730 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1547\"\u003emodelcontextprotocol/typescript-sdk#1547\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: comprehensive feature documentation for SEP-1730 Tier 1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1548\"\u003emodelcontextprotocol/typescript-sdk#1548\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent command injection in example URL opening (v1.x backport) by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1579\"\u003emodelcontextprotocol/typescript-sdk#1579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: call onerror for silently swallowed transport errors by \u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.27.1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1581\"\u003emodelcontextprotocol/typescript-sdk#1581\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/e12cbd7078db388152f6e839abdbe09ba01f3f32\"\u003e\u003ccode\u003ee12cbd7\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.29.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/3913fd4443a86536155e3ebef9edd2045c372c1e\"\u003e\u003ccode\u003e3913fd4\u003c/code\u003e\u003c/a\u003e fix(stdio): always set windowsHide on Windows, not just in Electron (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1640\"\u003e#1640\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/5608e78dd0d4ca6cd7dd03278419578f1780365a\"\u003e\u003ccode\u003e5608e78\u003c/code\u003e\u003c/a\u003e [v1.x backport] Allow servers / clients to advertise extensions in the capabi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/7213816788e634ffb9d09affe50f0295093bfb73\"\u003e\u003ccode\u003e7213816\u003c/code\u003e\u003c/a\u003e v1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1773\"\u003e#1773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/364f38ca2d8895aed7c37b7a0a1031bb7ae4841c\"\u003e\u003ccode\u003e364f38c\u003c/code\u003e\u003c/a\u003e v1.x npm audit fix (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/c95cc0943b045517e4cc414baf1f168b216c3142\"\u003e\u003ccode\u003ec95cc09\u003c/code\u003e\u003c/a\u003e Add typings exports (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/ddadaa6cc633fb5db0c094bf031b15b68a357820\"\u003e\u003ccode\u003eddadaa6\u003c/code\u003e\u003c/a\u003e [v1.x] fix: add missing size field to ResourceSchema (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/2a158513028d9f862c4188b6957e78cd5663f26b\"\u003e\u003ccode\u003e2a15851\u003c/code\u003e\u003c/a\u003e [v1.x] fix: disallow null (infinite) requested TTL (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1339\"\u003e#1339\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/13e30f1d36de8442417fec695983bdb155c00768\"\u003e\u003ccode\u003e13e30f1\u003c/code\u003e\u003c/a\u003e fix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1749\"\u003e#1749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0565695218544fc53e99bf5b544a887d373cefa\"\u003e\u003ccode\u003ea056569\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.28.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1746\"\u003e#1746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.23.0...v1.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `diff` from 7.0.0 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.0\u003c/h2\u003e\n\u003cp\u003e(All changes part of PR \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/672\"\u003e#672\u003c/a\u003e.)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eES5 support is dropped\u003c/strong\u003e. \u003ccode\u003eparsePatch\u003c/code\u003e now uses \u003ccode\u003eTextDecoder\u003c/code\u003e and \u003ccode\u003eUint8Array\u003c/code\u003e, which are not available in ES5, and TypeScript is now compiled with the \u0026quot;es6\u0026quot; \u003ccode\u003etarget\u003c/code\u003e. From now on, I intend to freely use any features that are deemed \u0026quot;Widely available\u0026quot; by \u003ca href=\"https://web.dev/baseline\"\u003eBaseline\u003c/a\u003e. Users who need ES5 support should stick to version 8.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eC-style quoted strings in filename headers are now properly supported\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eWhen the name of either the old or new file in a patch contains \u0026quot;special characters\u0026quot;, both GNU \u003ccode\u003ediff\u003c/code\u003e and Git quote the filename in the patch's headers and escape special characters using the same escape sequences that are used in string literals in C, including octal escapes for all non-ASCII characters. Previously, jsdiff had very little support for this; \u003ccode\u003eparsePatch\u003c/code\u003e would remove the quotes, and unescape any escaped backslashes, but would not unescape other escape sequences. \u003ccode\u003eformatPatch\u003c/code\u003e, meanwhile, did not quote or escape special characters at all.\u003c/p\u003e\n\u003cp\u003eNow, \u003ccode\u003eparsePatch\u003c/code\u003e parses all the possible escape sequences that GNU diff (or Git) ever output, and \u003ccode\u003eformatPatch\u003c/code\u003e quotes and escapes filenames containing special characters in the same way GNU diff does.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now omits file headers when \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e in the provided patch object are \u003ccode\u003eundefined\u003c/code\u003e\u003c/strong\u003e, regardless of the \u003ccode\u003eheaderOptions\u003c/code\u003e parameter. (Previously, it would treat the absence of \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e as indicating the filename was the word \u0026quot;undefined\u0026quot; and emit headers \u003ccode\u003e--- undefined\u003c/code\u003e / \u003ccode\u003e+++ undefined\u003c/code\u003e.)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer outputs trailing tab characters at the end of \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e headers.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePreviously, if \u003ccode\u003eformatPatch\u003c/code\u003e was passed a patch object to serialize that had empty strings for the \u003ccode\u003eoldHeader\u003c/code\u003e or \u003ccode\u003enewHeader\u003c/code\u003e property, it would include a trailing tab character after the filename in the \u003ccode\u003e---\u003c/code\u003e and/or \u003ccode\u003e+++\u003c/code\u003e file header. Now, this scenario is treated the same as when \u003ccode\u003eoldHeader\u003c/code\u003e/\u003ccode\u003enewHeader\u003c/code\u003e is \u003ccode\u003eundefined\u003c/code\u003e - i.e. the trailing tab is omitted.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer mutates its input\u003c/strong\u003e when serializing a patch containing a hunk where either the old or new content contained zero lines. (Such a hunk occurs only when the hunk has no context lines and represents a pure insertion or pure deletion, which for instance will occur whenever one of the two files being diffed is completely empty.) Previously \u003ccode\u003eformatPatch\u003c/code\u003e would provide the correct output but also mutate the \u003ccode\u003eoldLines\u003c/code\u003e or \u003ccode\u003enewLines\u003c/code\u003e property on the hunk, changing the meaning of the underlying patch.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eGit-style patches are now supported by \u003ccode\u003eparsePatch\u003c/code\u003e, \u003ccode\u003eformatPatch\u003c/code\u003e, and \u003ccode\u003ereversePatch\u003c/code\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003ePatches output by \u003ccode\u003egit diff\u003c/code\u003e can include some features that are unlike those output by GNU \u003ccode\u003ediff\u003c/code\u003e, and therefore not handled by an ordinary unified diff format parser. An ordinary diff simply describes the differences between the \u003cem\u003econtent\u003c/em\u003e of two files, but Git diffs can also indicate, via \u0026quot;extended headers\u0026quot;, the creation or deletion of (potentially empty) files, indicate that a file was renamed, and contain information about file mode changes. Furthermore, when these changes appear in a diff in the absence of a content change (e.g. when an empty file is created, or a file is renamed without content changes), the patch will contain no associated \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e file headers nor any hunks.\u003c/p\u003e\n\u003cp\u003ejsdiff previously did not support parsing Git's extended headers, nor hunkless patches. Now \u003ccode\u003eparsePatch\u003c/code\u003e parses some of the extended headers, parses hunkless Git patches, and can determine filenames (e.g. from the extended headers) when parsing a patch that includes no \u003ccode\u003e---\u003c/code\u003e or \u003ccode\u003e+++\u003c/code\u003e file headers. The additional information conveyed by the extended headers we support is recorded on new fields on the result object returned by \u003ccode\u003eparsePatch\u003c/code\u003e. See \u003ccode\u003eisGit\u003c/code\u003e and subsequent properties in the docs in the README.md file.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now outputs extended headers based on these new Git-specific properties, and \u003ccode\u003ereversePatch\u003c/code\u003e respects them as far as possible (with one unavoidable caveat noted in the README.md file).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eUnpaired file headers now cause \u003ccode\u003eparsePatch\u003c/code\u003e to throw\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eIt remains acceptable to have a patch with no file headers whatsoever (e.g. one that begins with a \u003ccode\u003e@@\u003c/code\u003e hunk header on the very first line), but a patch with \u003cem\u003eonly\u003c/em\u003e a \u003ccode\u003e---\u003c/code\u003e header or only a \u003ccode\u003e+++\u003c/code\u003e header is now considered an error.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eparsePatch\u003c/code\u003e is now more tolerant of \u0026quot;trailing garbage\u0026quot;\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThat is: after a patch, or between files/indexes in a patch, it is now acceptable to have arbitrary lines of \u0026quot;garbage\u0026quot; (so long as they unambiguously have no syntactic meaning - e.g. trailing garbage that leads with a \u003ccode\u003e+\u003c/code\u003e, \u003ccode\u003e-\u003c/code\u003e, or \u003ccode\u003e \u003c/code\u003e and thus is interpretable as part of a hunk still triggers a throw).\u003c/p\u003e\n\u003cp\u003eThis means we no longer reject patches output by tools that include extra data in \u0026quot;garbage\u0026quot; lines not understood by generic unified diff parsers. (For example, SVN patches can include \u0026quot;Property changes on:\u0026quot; lines that generic unified diff parsers should discard as garbage; jsdiff previously threw errors when encountering them.)\u003c/p\u003e\n\u003cp\u003eThis change brings jsdiff's behaviour more in line with GNU \u003ccode\u003epatch\u003c/code\u003e, which is highly permissive of \u0026quot;garbage\u0026quot;.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThe \u003ccode\u003eoldFileName\u003c/code\u003e and \u003ccode\u003enewFileName\u003c/code\u003e fields of \u003ccode\u003eStructuredPatch\u003c/code\u003e are now typed as \u003ccode\u003estring | undefined\u003c/code\u003e instead of \u003ccode\u003estring\u003c/code\u003e\u003c/strong\u003e. This type change reflects the (pre-existing) reality that \u003ccode\u003eparsePatch\u003c/code\u003e can produce patches without filenames (e.g. when parsing a patch that simply contains hunks with no file headers).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/667\"\u003e#667\u003c/a\u003e - \u003cstrong\u003efix another bug in \u003ccode\u003ediffWords\u003c/code\u003e when used with an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e\u003c/strong\u003e. If the text to be diffed included a combining mark after a whitespace character (i.e. roughly speaking, an accented space), \u003ccode\u003ediffWords\u003c/code\u003e would previously crash. Now this case is handled correctly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/631\"\u003e#631\u003c/a\u003e - \u003cstrong\u003efix support for using an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e with \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e. This has been almost completely broken since the feature was added in v6.0.0, since it would outright crash on any text that featured two consecutive newlines between a pair of words (a very common case).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/635\"\u003e#635\u003c/a\u003e - \u003cstrong\u003esmall tweaks to tokenization behaviour of \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e when used \u003cem\u003ewithout\u003c/em\u003e an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e. Specifically, the soft hyphen (U+00AD) is no longer considered to be a word break, and the multiplication and division signs (\u003ccode\u003e×\u003c/code\u003e and \u003ccode\u003e÷\u003c/code\u003e) are now treated as punctuation instead of as letters / word characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/ed13aca03aa25735fafc0645d1185e7a1c68fd8c\"\u003e\u003ccode\u003eed13aca\u003c/code\u003e\u003c/a\u003e Update version in package.json and in release notes (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/683\"\u003e#683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/7a49317b503a932b88fc72ad9c57a481df038e24\"\u003e\u003ccode\u003e7a49317\u003c/code\u003e\u003c/a\u003e Bump dependencies again (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/682\"\u003e#682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/afe5aecad189c9f5941ad3feb3c94c46b32ecb0a\"\u003e\u003ccode\u003eafe5aec\u003c/code\u003e\u003c/a\u003e Add Git support, and otherwise variously improve \u0026amp; fix parsePatch (and other ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/2e46779d8866ce7da1303a03db33ed038590c6f6\"\u003e\u003ccode\u003e2e46779\u003c/code\u003e\u003c/a\u003e Fix a typo (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/679\"\u003e#679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/dd2f99497703a1540b2ae406b51c49b74b5fc1a1\"\u003e\u003ccode\u003edd2f994\u003c/code\u003e\u003c/a\u003e 8.0.4 release (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/678\"\u003e#678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/3cc438434db53c5d1c40412b727ea7650f6f145a\"\u003e\u003ccode\u003e3cc4384\u003c/code\u003e\u003c/a\u003e Update docs on releasing to reflect migration to yarn berry (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/6fc2aa6b7672af08774b50aae00d97b99c5b5715\"\u003e\u003ccode\u003e6fc2aa6\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/af7393ac3404565dc8da655c2e7aeeed28c01ff7\"\u003e\u003ccode\u003eaf7393a\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4b5d1800370bf29b61a3378fb8086aeb231d3ef7\"\u003e\u003ccode\u003e4b5d180\u003c/code\u003e\u003c/a\u003e Fix another bug in diffWords's \u0026quot;intlSegmenter\u0026quot; mode (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/10da50c466709e7bd4b192dac96af0af46f8b7bd\"\u003e\u003ccode\u003e10da50c\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/666\"\u003e#666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/7.0.0...v9.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.15.0 to 7.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport 401 stream-backed body fix to v7.x by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5006\"\u003enodejs/undici#5006\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update broken links in file \u0026quot;Dispatcher.md\u0026quot; by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: remove unused parameter \u003ccode\u003eredirectionLimitReached\u003c/code\u003e by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4933\"\u003enodejs/undici#4933\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip flaky macOS Node 20 cookie fetch cases by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4932\"\u003enodejs/undici#4932\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): align Response with DOM fetch types by \u003ca href=\"https://github.com/theamodhshetty\"\u003e\u003ccode\u003e@​theamodhshetty\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4867\"\u003enodejs/undici#4867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): Fix clone method type declaration to be an instance method rather than instance property by \u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip IPv6 tests when IPv6 is not available by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4939\"\u003enodejs/undici#4939\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: correctly handle multi-value rawHeaders in fetch by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4938\"\u003enodejs/undici#4938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eignore AGENTS.md by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4942\"\u003enodejs/undici#4942\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(test): client wasm compatible with clang 22 by \u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mock): improve error message when intercepts are exhausted by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4912\"\u003enodejs/undici#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(websocket): support open diagnostics over h2 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4921\"\u003enodejs/undici#4921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: assume http/https scheme for scheme-less proxy env vars by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4914\"\u003enodejs/undici#4914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cache): check Authorization on request headers per RFC 9111 §3.5 by \u003ca href=\"https://github.com/metalix2\"\u003e\u003ccode\u003e@​metalix2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4911\"\u003enodejs/undici#4911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: wrap kConnector call in try/catch to prevent client hang by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify fetch and FormData pairing by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4922\"\u003enodejs/undici#4922\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: support Connection header with connection-specific header names per RFC 7230 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4775\"\u003enodejs/undici#4775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid prototype collisions in parseHeaders by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4923\"\u003enodejs/undici#4923\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump typescript from 5.9.3 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4926\"\u003enodejs/undici#4926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: auto-init WPT submodule by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4930\"\u003enodejs/undici#4930\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/12d9045923b7caebb1ae6975ef34c29dbcfd95d0\"\u003e\u003ccode\u003e12d9045\u003c/code\u003e\u003c/a\u003e Bumped v7.25.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7a6f7febb30a30748a04f38c21e3641c77d21b0e\"\u003e\u003ccode\u003e7a6f7fe\u003c/code\u003e\u003c/a\u003e Bumped v7.24.8 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5020\"\u003e#5020\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1f85ae4b27ed6401e7ccc35eb546ad2e5976121f\"\u003e\u003ccode\u003e1f85ae4\u003c/code\u003e\u003c/a\u003e fix: avoid 401 failures for stream-backed request bodies (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4941\"\u003e#4941\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5006\"\u003e#5006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c6610674dfad7c205ddf0f27831133973ad7894e\"\u003e\u003ccode\u003ec661067\u003c/code\u003e\u003c/a\u003e chore: update v7.x maintenance release flow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84f23e2a19cd0f585579c4257d801e4ec2d65dbd\"\u003e\u003ccode\u003e84f23e2\u003c/code\u003e\u003c/a\u003e Bumped v7.24.7 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4947\"\u003e#4947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a770b1033201984b9e8082a9bf955414bff5dc2e\"\u003e\u003ccode\u003ea770b10\u003c/code\u003e\u003c/a\u003e ignore AGENTS.md (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4942\"\u003e#4942\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/6acd19beaf67c1a2d07bcd38f40d0b751a81e7cc\"\u003e\u003ccode\u003e6acd19b\u003c/code\u003e\u003c/a\u003e fix: correctly handle multi-value rawHeaders in fetch (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4938\"\u003e#4938\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1da1c747c7d6e01b93ab295e0efb86623f3c8e06\"\u003e\u003ccode\u003e1da1c74\u003c/code\u003e\u003c/a\u003e test: skip IPv6 tests when IPv6 is not available (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4939\"\u003e#4939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/04cb77327f7ada95c2e5b67424cddcb22d7bf882\"\u003e\u003ccode\u003e04cb773\u003c/code\u003e\u003c/a\u003e fix(types): Fix clone method type declaration to be an instance method rather...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5145a7c47080d1715b2723591def3a75b0c3ba63\"\u003e\u003ccode\u003e5145a7c\u003c/code\u003e\u003c/a\u003e fix(types): align Response with DOM fetch types (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4867\"\u003e#4867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.15.0...v7.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.17.1 to 8.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/f06766f33ed7291f84c19f22a1286a34475fbdaf\"\u003e\u003ccode\u003ef06766f\u003c/code\u003e\u003c/a\u003e feat: allow tree-shaking by adding ``\u0026quot;sideEffects\u0026quot;: false\u003ccode\u003eto\u003c/code\u003epackage.json` ...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.3 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 7.2.2 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.5\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.5/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eNote: 7.2.5 failed to publish so it is skipped on npm\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003ev7.2.4\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.4/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.0...v7.3.1\"\u003e7.3.1\u003c/a\u003e (2026-01-07)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21364\"\u003e#21364\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e9d39d37\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.7...v7.3.0\"\u003e7.3.0\u003c/a\u003e (2025-12-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21183\"\u003e#21183\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003ecff26ec\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.6...v7.2.7\"\u003e7.2.7\u003c/a\u003e (2025-12-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eplugin shortcut support (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21211\"\u003e#21211\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/721f16343d9555ae8fc71a2e5354b22e12ff0dc3\"\u003e721f163\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.5...v7.2.6\"\u003e7.2.6\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.4...v7.2.5\"\u003e7.2.5\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003econfig:\u003c/strong\u003e handle shebang properly (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21158\"\u003e#21158\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/df5a30d2690a2ebc4824a79becdcef30538dc602\"\u003edf5a30d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21146\"\u003e#21146\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/a3cd262f37228967e455617e982b35fccc49ffe9\"\u003ea3cd262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21175\"\u003e#21175\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/72e398a46d8d2f54fbcbeb9ff0dceab346aeb642\"\u003e72e398a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix \u003ccode\u003eexternal: true\u003c/code\u003e merging (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21164\"\u003e#21164\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5ef557a96c4a1f2b3a3aa25c12df3ee87b4a03f5\"\u003e5ef557a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eshortcuts not rebound after server restart (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21166\"\u003e#21166\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/3765f7baea36234bf3816eeed38776d27bfd3649\"\u003e3765f7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e replace debug with obug (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21137\"\u003e#21137\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/203a5512a42a1031f685993f5d9cbae5f328354f\"\u003e203a551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclarify manifest.json \u003ccode\u003eimports\u003c/code\u003e field is JS chunks only (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21136\"\u003e#21136\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/46d3077f2b63771cc50230bc907c48f5773c00fb\"\u003e46d3077\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update rolldown-related dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21174\"\u003e#21174\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/74559c947483a8ee24da052ac2d9568f7cb3546a\"\u003e74559c9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.3...v7.2.4\"\u003e7.2.4\u003c/a\u003e (2025-11-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erevert \u0026quot;perf(deps): replace debug with obug (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21107\"\u003e#21107\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://github.com/vitejs/vite/commit/2d66b7b14aa6dfd62f3d6a59ee8382ed5ca6fd32\"\u003e2d66b7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.2...v7.2.3\"\u003e7.2.3\u003c/a\u003e (2025-11-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/95e8923f35d0252c9f6eb2d5e358c084542706f1\"\u003e\u003ccode\u003e95e8923\u003c/code\u003e\u003c/a\u003e release: v7.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e\u003ccode\u003e9d39d37\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21364\"\u003e#21364\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/acf7e05eaeb18e98f5e19e2d3e648950726f20d1\"\u003e\u003ccode\u003eacf7e05\u003c/code\u003e\u003c/a\u003e release: v7.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003e\u003ccode\u003ecff26ec\u003c/code\u003e\u003c/a\u003e feat(deps): update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21183\"\u003e#21183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/317b3b272f9ef6faa647a51ab3b0768fecc1071d\"\u003e\u003ccode\u003e317b3b2\u003c/code\u003e\u003c/a\u003e release: v7.2.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/721f16343d9555ae8fc71a2e5354b22e12ff0dc3\"\u003e\u003ccode\u003e721f163\u003c/code\u003e\u003c/a\u003e fix: plugin shortcut support (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21211\"\u003e#21211\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@isaacs/brace-expansion` from 5.0.0 to 5.0.1\n\nUpdates `@opentelemetry/exporter-prometheus` from 0.203.0 to 0.218.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/releases\"\u003e@​opentelemetry/exporter-prometheus's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eexperimental/v0.218.0\u003c/h2\u003e\n\u003ch2\u003e0.218.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs metrics serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6629\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): show all config validation errors, if there are multiple \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6683\"\u003e#6683\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): allow startNodeSDK() without an arg \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6688\"\u003e#6688\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6691\"\u003e#6691\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(sdk-logs): use \u003ccode\u003eLogger.enabled()\u003c/code\u003e within \u003ccode\u003eLogger.emit()\u003c/code\u003e implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6680\"\u003e#6680\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.217.0\u003c/h2\u003e\n\u003ch2\u003e0.217.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs trace serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6625\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using \u003ccode\u003ejson-schema-to-typescript\u003c/code\u003e and \u003ccode\u003eajv\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6533\"\u003e#6533\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration, sdk-node): \u003ccode\u003estartNodeSDK()\u003c/code\u003e code path now uses \u003ccode\u003elog_level\u003c/code\u003e configuration to setup a DiagConsoleLogger \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6668\"\u003e#6668\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eNote that allowed values for \u003ccode\u003elog_level\u003c/code\u003e in a configuration YAML file are \u003cem\u003enot\u003c/em\u003e the same set as for \u003ccode\u003eOTEL_LOG_LEVEL\u003c/code\u003e. Use \u003ccode\u003elog_level: trace\u003c/code\u003e to see \u003cem\u003eall\u003c/em\u003e logs (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=ALL\u003c/code\u003e). Use \u003ccode\u003elog_level: fatal\u003c/code\u003e to effectively disable the SDK's internal diagnostic logger (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=NONE\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eIf \u003ccode\u003elog_level\u003c/code\u003e is not specified, a diagnostic console logger at \u0026quot;info\u0026quot; level will be setup.\u003c/li\u003e\n\u003cli\u003eAn invalid YAML config file will now result in a noop OTel SDK.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(configuration): do not validate \u003ccode\u003eOTEL_CONFIG_FILE\u003c/code\u003e value before using it for file config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6643\"\u003e#6643\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6650\"\u003e#6650\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6657\"\u003e#6657\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve handling of enums in generated types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6659\"\u003e#6659\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve the technique for removing '| null' on types the JSON Schema \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6662\"\u003e#6662\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sampler-jaeger-remote): add missing axios dep \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6656\"\u003e#6656\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6674\"\u003e#6674\u003c/a\u003e \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.216.0\u003c/h2\u003e\n\u003ch2\u003e0.216.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sdk-node): wire attribute_keys from declarative configuration to ViewOptions.attributesProcessors \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6427\"\u003e#6427\u003c/a\u003e \u003ca href=\"https://github.com/ravitheja4531-cell\"\u003e\u003ccode\u003e@​ravitheja4531-cell\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): set TracerProvider in startNodeSDK() \u003ca ...\n\n_Description has been truncated_","html_url":"https://github.com/cosmiccareer/terminai/pull/13","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cosmiccareer%2Fterminai/issues/13","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/13/packages"},{"uuid":"4500243369","node_id":"PR_kwDOQzTyFs7eORM-","number":9,"state":"closed","title":"Bump the npm_and_yarn group across 15 directories with 24 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-22T11:28:11.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T05:56:45.000Z","updated_at":"2026-05-22T11:28:13.000Z","time_to_close":19886,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":24,"packages":[{"name":"rollup","old_version":"3.29.5","new_version":"3.30.0","repository_url":"https://github.com/rollup/rollup"},{"name":"undici","old_version":"5.28.4","new_version":"6.24.0","repository_url":"https://github.com/nodejs/undici"},{"name":"electron","old_version":"23.1.2","new_version":"39.8.5","repository_url":"https://github.com/electron/electron"},{"name":"webpack","old_version":"5.82.1","new_version":"5.104.1","repository_url":"https://github.com/webpack/webpack"},{"name":"webpack-dev-server","old_version":"4.15.0","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"immutable","old_version":"4.0.0-rc.12","new_version":"4.3.8","repository_url":"https://github.com/immutable-js/immutable-js"},{"name":"@tootallnate/once","old_version":"2.0.0","new_version":"2.0.1","repository_url":"https://github.com/TooTallNate/once"},{"name":"fast-xml-parser","old_version":"3.19.0","new_version":"3.21.1","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"flatted","old_version":"3.2.7","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.6","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"postcss","old_version":"6.0.23","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"protocol-buffers-schema","old_version":"3.3.2","new_version":"3.6.1","repository_url":"https://github.com/mafintosh/protocol-buffers-schema"},{"name":"simple-git","old_version":"3.28.0","new_version":"3.36.0","repository_url":"https://github.com/steveukx/git-js"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 16 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [rollup](https://github.com/rollup/rollup) | `3.29.5` | `3.30.0` |\n| [undici](https://github.com/nodejs/undici) | `5.28.4` | `6.24.0` |\n| [electron](https://github.com/electron/electron) | `23.1.2` | `39.8.5` |\n| [webpack](https://github.com/webpack/webpack) | `5.82.1` | `5.104.1` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `4.15.0` | `5.2.4` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `4.0.0-rc.12` | `4.3.8` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `3.19.0` | `3.21.1` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.2.7` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.6` | `1.16.0` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [postcss](https://github.com/postcss/postcss) | `6.0.23` | `8.5.15` |\n| [protocol-buffers-schema](https://github.com/mafintosh/protocol-buffers-schema) | `3.3.2` | `3.6.1` |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.36.0` |\n\nBumps the npm_and_yarn group with 7 updates in the /compiler/apps/playground directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.47` | `8.5.10` |\n| [next](https://github.com/vercel/next.js) | `15.5.9` | `15.5.18` |\n\nBumps the npm_and_yarn group with 2 updates in the /fixtures/attribute-behavior directory: [diff](https://github.com/kpdecker/jsdiff) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 4 updates in the /fixtures/concurrent/time-slicing directory: [diff](https://github.com/kpdecker/jsdiff), [follow-redirects](https://github.com/follow-redirects/follow-redirects), [lodash](https://github.com/lodash/lodash) and [picomatch](https://github.com/micromatch/picomatch).\nBumps the npm_and_yarn group with 4 updates in the /fixtures/dom directory: [diff](https://github.com/kpdecker/jsdiff), [follow-redirects](https://github.com/follow-redirects/follow-redirects), [lodash](https://github.com/lodash/lodash) and [picomatch](https://github.com/micromatch/picomatch).\nBumps the npm_and_yarn group with 2 updates in the /fixtures/expiration directory: [diff](https://github.com/kpdecker/jsdiff) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 1 update in the /fixtures/fiber-debugger directory: [diff](https://github.com/kpdecker/jsdiff).\nBumps the npm_and_yarn group with 6 updates in the /fixtures/flight directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [undici](https://github.com/nodejs/undici) | `5.28.4` | `6.24.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.93.0` | `5.104.1` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.18.9` | `7.29.4` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.11` | `4.18.1` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.2.2` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.16` | `8.5.10` |\n\nBumps the npm_and_yarn group with 8 updates in the /fixtures/owner-stacks directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.97.1` | `5.107.1` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.25.9` | `7.29.4` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.2` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\nBumps the npm_and_yarn group with 3 updates in the /fixtures/ssr directory: [diff](https://github.com/kpdecker/jsdiff), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 8 updates in the /fixtures/view-transition directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.97.1` | `5.107.1` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.25.9` | `7.29.4` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.2` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\nBumps the npm_and_yarn group with 1 update in the /packages/react-devtools-extensions directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /packages/react-devtools-inline directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /packages/react-devtools-shell directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /packages/react-devtools-timeline directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\n\nUpdates `minimatch` from 3.0.4 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/699c459443a6bd98f5b28197978f76e7f71467ac\"\u003e\u003ccode\u003e699c459\u003c/code\u003e\u003c/a\u003e 3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/2f2b5ff1bb1b6a01f4404f7e475f0a2cba578ab7\"\u003e\u003ccode\u003e2f2b5ff\u003c/code\u003e\u003c/a\u003e fix: trim pattern\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/25d7c0d09c47063c9b0d2ace17ef8e951d90eccc\"\u003e\u003ccode\u003e25d7c0d\u003c/code\u003e\u003c/a\u003e 3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/55dda291dfb595bd11b4edb19b45dd98eda76de0\"\u003e\u003ccode\u003e55dda29\u003c/code\u003e\u003c/a\u003e fix: treat nocase:true as always having magic\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/5e1fb8dd2bb78c0ae22101b9229fac4c76ef039e\"\u003e\u003ccode\u003e5e1fb8d\u003c/code\u003e\u003c/a\u003e 3.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/f8145c54f34075069f4a23cb214d871da4cd4006\"\u003e\u003ccode\u003ef8145c5\u003c/code\u003e\u003c/a\u003e Add 'allowWindowsEscape' option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/570e8b1aef6c9e823a824aa0b9be10db43857cd7\"\u003e\u003ccode\u003e570e8b1\u003c/code\u003e\u003c/a\u003e add publishConfig for v3 publishes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/5b7cd3372be253759fb4d865eb3f38f189a5fcdf\"\u003e\u003ccode\u003e5b7cd33\u003c/code\u003e\u003c/a\u003e 3.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/20b4b562830680867feb75f9c635aca08e5c86ff\"\u003e\u003ccode\u003e20b4b56\u003c/code\u003e\u003c/a\u003e [fix] revert all breaking syntax changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/2ff038852ec03e85e60e0eb333005c680ac8a543\"\u003e\u003ccode\u003e2ff0388\u003c/code\u003e\u003c/a\u003e document, expose, and test 'partial:true' option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 3.29.5 to 3.30.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/releases\"\u003erollup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.30.0\u003c/h2\u003e\n\u003ch2\u003e3.30.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow when the generated bundle contains paths that would leave the output directory (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6276\"\u003e#6276\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6276\"\u003e#6276\u003c/a\u003e: Validate bundle stays within output dir (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/v3.30.0/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.30.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow when the generated bundle contains paths that would leave the output directory (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6276\"\u003e#6276\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6276\"\u003e#6276\u003c/a\u003e: Validate bundle stays within output dir (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d91d5e11becc2f16d3a493231fb5bf48f74758a9\"\u003e\u003ccode\u003ed91d5e1\u003c/code\u003e\u003c/a\u003e 3.30.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/967740910dc90f3c928c91642f2b80c1ed40d60b\"\u003e\u003ccode\u003e9677409\u003c/code\u003e\u003c/a\u003e Update release script for backports\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e\"\u003e\u003ccode\u003ec8cf1f9\u003c/code\u003e\u003c/a\u003e Validate bundle stays within output dir (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6276\"\u003e#6276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rollup/rollup/compare/v3.29.5...v3.30.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 5.28.4 to 6.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v6.24.0 Security Release Notes (LTS)\u003c/h1\u003e\n\u003cp\u003eThis release backports fixes for security vulnerabilities affecting the v6 line.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v6 should upgrade to \u003cstrong\u003ev6.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNot applicable to v6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 affects \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e only.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges (v6)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e\u0026gt;= 6.0.0 \u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1525: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1525\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1528: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1528\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1527: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1527\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2229: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2229\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1526: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1526\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1526\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.23.0\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/8873c947271faf1ebc455bdc6158ecbc022ecfa9\"\u003e\u003ccode\u003e8873c94\u003c/code\u003e\u003c/a\u003e Bumped v6.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/411bd01a42e7917009bbf686f7628b99d67bbce9\"\u003e\u003ccode\u003e411bd01\u003c/code\u003e\u003c/a\u003e test(websocket): use node:assert for Node 18 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/844bf59699d778944f78a24ae819c0e8f295766e\"\u003e\u003ccode\u003e844bf59\u003c/code\u003e\u003c/a\u003e test: fix http2 lint regressions in backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a444e4f13e8958b4e1ac42bc0d53ace7fba0a9c1\"\u003e\u003ccode\u003ea444e4f\u003c/code\u003e\u003c/a\u003e test: stabilize h2 and tls-cert-leak under current test runner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/dc032a1050d5489b8ce9b4c22aafba98a942f87b\"\u003e\u003ccode\u003edc032a1\u003c/code\u003e\u003c/a\u003e fix: h2 CI (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4395\"\u003e#4395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4cd3f4b3a2ef910ba728c47ae78294d956410450\"\u003e\u003ccode\u003e4cd3f4b\u003c/code\u003e\u003c/a\u003e test: increase bitness in \u003ccode\u003etest/fixtures/*.pem\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/3659\"\u003e#3659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7df6442194b7a54e9ac734335e6e0a56a9bc6666\"\u003e\u003ccode\u003e7df6442\u003c/code\u003e\u003c/a\u003e fix: adapt websocket frame-limit handling for v6 parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4e0179ae643e6f4380f24cc3683c1b1ca2afb094\"\u003e\u003ccode\u003e4e0179a\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5a97f0893b53ba7d1d5549d3df7e55d9c2673f89\"\u003e\u003ccode\u003e5a97f08\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/e43e898603dd5e0c14a75b08b83257598d664a39\"\u003e\u003ccode\u003ee43e898\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v5.28.4...v6.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `electron` from 23.1.2 to 39.8.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/electron/electron/releases\"\u003eelectron's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eelectron v39.8.5\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.5\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a crash in \u003ccode\u003eclipboard.readImage()\u003c/code\u003e when the clipboard contains malformed image data. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50493\"\u003e#50493\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50491\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50492\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50494\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed a crash when calling an offscreen shared texture's \u003ccode\u003erelease()\u003c/code\u003e after the texture object was garbage collected. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50499\"\u003e#50499\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50500\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50501\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50502\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.4\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.4\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003enodeIntegrationInWorker\u003c/code\u003e overrides in \u003ccode\u003esetWindowOpenHandler\u003c/code\u003e were not honored for child windows sharing a renderer process with their opener. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50468\"\u003e#50468\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50163\"\u003e38\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50467\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50134\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed crash when handling JavaScript dialogs from windows opened with invalid or empty URLs. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50400\"\u003e#50400\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50401\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50399\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50398\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed improper focus tracking in BaseWindow on MacOS. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50338\"\u003e#50338\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50337\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50340\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50339\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed window freeze when failing to enter/exit fullscreen on macOS. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50341\"\u003e#50341\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50344\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50343\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50342\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using a proxy during yarn install. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50349\"\u003e#50349\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50352\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50350\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50351\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eBackported fix for 485935305. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50440\"\u003e#50440\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackported fix for 489381399. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50443\"\u003e#50443\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackported fix for chromium:475877320. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50436\"\u003e#50436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackported fixes for 484751092, 487117772. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50461\"\u003e#50461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.3\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.3\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded additional ASAR support to additional \u003ccode\u003efs\u003c/code\u003e copy methods. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50284\"\u003e#50284\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50287\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50286\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50285\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed user resizing of transparent windows on win32 platform. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50300\"\u003e#50300\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50301\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50298\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50299\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.2\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.2\u003c/h1\u003e\n\u003ch2\u003eOther Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackported fix for b/491421267. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50230\"\u003e#50230\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.1\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.1\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded validation to protocol client methods to reject protocol names that do not conform to the RFC 3986 URI scheme grammar. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50156\"\u003e#50156\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50157\"\u003e38\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50158\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50155\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue on macOS where calling \u003ccode\u003eautoUpdater.quitAndInstall()\u003c/code\u003e could fail if \u003ccode\u003echeckForUpdates()\u003c/code\u003e was called again after an update was already downloaded. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50215\"\u003e#50215\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50216\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50217\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where Chrome Devtools menus may not appear in certain embedded windows. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50136\"\u003e#50136\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50138\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50137\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003eadditionalData\u003c/code\u003e passed to \u003ccode\u003eapp.requestSingleInstanceLock\u003c/code\u003e on Windows could be truncated or fail to deserialize in the primary instance's \u003ccode\u003esecond-instance\u003c/code\u003e event. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50174\"\u003e#50174\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50177\"\u003e38\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50162\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50154\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003escreen.getCursorScreenPoint()\u003c/code\u003e crashed on Wayland when it was called before a \u003ccode\u003eBrowserWindow\u003c/code\u003e had been created. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50106\"\u003e#50106\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50104\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50105\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/9d2f8cb4da0d35e2daf7e7f60e35313b508cb224\"\u003e\u003ccode\u003e9d2f8cb\u003c/code\u003e\u003c/a\u003e refactor: remove dead named-window lookup from guest-window-manager (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50498\"\u003e#50498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/11730047394233e70743c52567e17f4c3b2dc9fc\"\u003e\u003ccode\u003e1173004\u003c/code\u003e\u003c/a\u003e fix: crash calling OSR shared texture release() after texture GC'd (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50499\"\u003e#50499\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/be37adefd08f882e3f1fb8403d2d9e92c3009d56\"\u003e\u003ccode\u003ebe37ade\u003c/code\u003e\u003c/a\u003e fix: crash in clipboard.readImage() on malformed image data (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50493\"\u003e#50493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/7007907df08d02da98f513dcbdb430ab51be59c7\"\u003e\u003ccode\u003e7007907\u003c/code\u003e\u003c/a\u003e chore: cherry-pick 3 changes from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50461\"\u003e#50461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/2c8b6ee0c0a7c26871dc0b320982afd8ed29df6c\"\u003e\u003ccode\u003e2c8b6ee\u003c/code\u003e\u003c/a\u003e chore: cherry-pick fbfb27470bf6 from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50436\"\u003e#50436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/4c64377ead6b53bc565d7793a2712e49882e5354\"\u003e\u003ccode\u003e4c64377\u003c/code\u003e\u003c/a\u003e chore: cherry-pick 50b057660b4d from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50440\"\u003e#50440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/0ef056130cde0c19c81ccfbc2932df6911765849\"\u003e\u003ccode\u003e0ef0561\u003c/code\u003e\u003c/a\u003e fix: read nodeIntegrationInWorker from per-frame WebPreferences (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50122\"\u003e#50122\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50\"\u003e#50\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/64373df3ca697bc6fe6e3ab1f463ba05beaf64cf\"\u003e\u003ccode\u003e64373df\u003c/code\u003e\u003c/a\u003e chore: cherry-pick 074d472db745 from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50443\"\u003e#50443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/13e44072be367f516cfad36f95d183765174f4bf\"\u003e\u003ccode\u003e13e4407\u003c/code\u003e\u003c/a\u003e fix: don't re-parse URL unnecessarily when handling dialogs (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50400\"\u003e#50400\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/16a038502a4ea0c79976be60bcc8f28a49f1ab99\"\u003e\u003ccode\u003e16a0385\u003c/code\u003e\u003c/a\u003e ci: output build cache hit rate as GHA annotation (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50369\"\u003e#50369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/electron/electron/compare/v23.1.2...v39.8.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack` from 5.82.1 to 5.104.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/releases\"\u003ewebpack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.104.1\u003c/h2\u003e\n\u003ch2\u003e5.104.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2efd21b: Reexports runtime calculation should not accessing \u003cstrong\u003eWEBPACK_IMPORT_KEY\u003c/strong\u003e decl with var.\u003c/li\u003e\n\u003cli\u003ec510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.104.0\u003c/h2\u003e\n\u003ch2\u003e5.104.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed3dd841: Use method shorthand to render module content in \u003ccode\u003e__webpack_modules__\u003c/code\u003e object.\u003c/li\u003e\n\u003cli\u003ed3dd841: Enhance \u003ccode\u003eimport.meta.env\u003c/code\u003e to support object access.\u003c/li\u003e\n\u003cli\u003e4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.\u003c/li\u003e\n\u003cli\u003e04cd530: Handle more at-rules for CSS modules.\u003c/li\u003e\n\u003cli\u003ecafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added \u003ccode\u003ebase64url\u003c/code\u003e, \u003ccode\u003ebase62\u003c/code\u003e, \u003ccode\u003ebase58\u003c/code\u003e, \u003ccode\u003ebase52\u003c/code\u003e, \u003ccode\u003ebase49\u003c/code\u003e, \u003ccode\u003ebase36\u003c/code\u003e, \u003ccode\u003ebase32\u003c/code\u003e and \u003ccode\u003ebase25\u003c/code\u003e digests.\u003c/li\u003e\n\u003cli\u003e5983843: Provide a stable runtime function variable \u003ccode\u003e__webpack_global__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Improved \u003ccode\u003elocalIdentName\u003c/code\u003e hashing for CSS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e22c48fb: Added module existence check for informative error message in development mode.\u003c/li\u003e\n\u003cli\u003e50689e1: Use the fully qualified class name (or export name) for \u003ccode\u003e[fullhash]\u003c/code\u003e placeholder in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Support universal lazy compilation.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed module library export definitions when multiple runtimes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed CSS nesting and CSS custom properties parsing.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't write fragment from URL to filename and apply fragment to module URL.\u003c/li\u003e\n\u003cli\u003eaab1da9: Fixed bugs for \u003ccode\u003ecss/global\u003c/code\u003e type.\u003c/li\u003e\n\u003cli\u003ed3dd841: Compatibility \u003ccode\u003eimport.meta.filename\u003c/code\u003e and \u003ccode\u003eimport.meta.dirname\u003c/code\u003e with \u003ccode\u003eeval\u003c/code\u003e devtools.\u003c/li\u003e\n\u003cli\u003ed3dd841: Handle nested \u003ccode\u003e__webpack_require__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e728ddb7: The speed of identifier parsing has been improved.\u003c/li\u003e\n\u003cli\u003e0f8b31b: Improve types.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't corrupt \u003ccode\u003edebugId\u003c/code\u003e injection when \u003ccode\u003ehidden-source-map\u003c/code\u003e is used.\u003c/li\u003e\n\u003cli\u003e2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Serialize \u003ccode\u003eHookWebpackError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added ability to use built-in properties in dotenv and define plugin.\u003c/li\u003e\n\u003cli\u003e3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.\u003c/li\u003e\n\u003cli\u003ed3dd841: Reduce collision for local indent name in CSS.\u003c/li\u003e\n\u003cli\u003ed3dd841: Remove CSS link tags when CSS imports are removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.103.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eDotenvPlugin\u003c/code\u003e and top level \u003ccode\u003edotenv\u003c/code\u003e option to enable this plugin\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eWebpackManifestPlugin\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdded support the \u003ccode\u003eignoreList\u003c/code\u003e option in devtool plugins\u003c/li\u003e\n\u003cli\u003eAllow to use custom javascript parse function\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/blob/main/CHANGELOG.md\"\u003ewebpack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.104.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2efd21b: Reexports runtime calculation should not accessing \u003cstrong\u003eWEBPACK_IMPORT_KEY\u003c/strong\u003e decl with var.\u003c/li\u003e\n\u003cli\u003ec510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.104.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed3dd841: Use method shorthand to render module content in \u003ccode\u003e__webpack_modules__\u003c/code\u003e object.\u003c/li\u003e\n\u003cli\u003ed3dd841: Enhance \u003ccode\u003eimport.meta.env\u003c/code\u003e to support object access.\u003c/li\u003e\n\u003cli\u003e4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.\u003c/li\u003e\n\u003cli\u003e04cd530: Handle more at-rules for CSS modules.\u003c/li\u003e\n\u003cli\u003ecafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added \u003ccode\u003ebase64url\u003c/code\u003e, \u003ccode\u003ebase62\u003c/code\u003e, \u003ccode\u003ebase58\u003c/code\u003e, \u003ccode\u003ebase52\u003c/code\u003e, \u003ccode\u003ebase49\u003c/code\u003e, \u003ccode\u003ebase36\u003c/code\u003e, \u003ccode\u003ebase32\u003c/code\u003e and \u003ccode\u003ebase25\u003c/code\u003e digests.\u003c/li\u003e\n\u003cli\u003e5983843: Provide a stable runtime function variable \u003ccode\u003e__webpack_global__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Improved \u003ccode\u003elocalIdentName\u003c/code\u003e hashing for CSS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e22c48fb: Added module existence check for informative error message in development mode.\u003c/li\u003e\n\u003cli\u003e50689e1: Use the fully qualified class name (or export name) for \u003ccode\u003e[fullhash]\u003c/code\u003e placeholder in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Support universal lazy compilation.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed module library export definitions when multiple runtimes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed CSS nesting and CSS custom properties parsing.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't write fragment from URL to filename and apply fragment to module URL.\u003c/li\u003e\n\u003cli\u003eaab1da9: Fixed bugs for \u003ccode\u003ecss/global\u003c/code\u003e type.\u003c/li\u003e\n\u003cli\u003ed3dd841: Compatibility \u003ccode\u003eimport.meta.filename\u003c/code\u003e and \u003ccode\u003eimport.meta.dirname\u003c/code\u003e with \u003ccode\u003eeval\u003c/code\u003e devtools.\u003c/li\u003e\n\u003cli\u003ed3dd841: Handle nested \u003ccode\u003e__webpack_require__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e728ddb7: The speed of identifier parsing has been improved.\u003c/li\u003e\n\u003cli\u003e0f8b31b: Improve types.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't corrupt \u003ccode\u003edebugId\u003c/code\u003e injection when \u003ccode\u003ehidden-source-map\u003c/code\u003e is used.\u003c/li\u003e\n\u003cli\u003e2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Serialize \u003ccode\u003eHookWebpackError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added ability to use built-in properties in dotenv and define plugin.\u003c/li\u003e\n\u003cli\u003e3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.\u003c/li\u003e\n\u003cli\u003ed3dd841: Reduce collision for local indent name in CSS.\u003c/li\u003e\n\u003cli\u003ed3dd841: Remove CSS link tags when CSS imports are removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/24e3c2d2c9f8c6d60810302b2ea70ed86e2863dc\"\u003e\u003ccode\u003e24e3c2d\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20253\"\u003e#20253\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/2efd21b0b06baa9b1a7f009b336379dcef24c1a5\"\u003e\u003ccode\u003e2efd21b\u003c/code\u003e\u003c/a\u003e fix(re-exports): reexports runtime calculation should not accessing `__WEBPAC...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/c5100702335a9cdcb75558ccd80def2329bd4abf\"\u003e\u003ccode\u003ec510070\u003c/code\u003e\u003c/a\u003e fix(security): userinfo bypass vulnerability in HttpUriPlugin allowedUris\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/4b0501c69700963bad1285b56f9cfa74704cb963\"\u003e\u003ccode\u003e4b0501c\u003c/code\u003e\u003c/a\u003e ci: fix release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20252\"\u003e#20252\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/0c213cecf2906bc41102c3a4cfdd1ad3522d0171\"\u003e\u003ccode\u003e0c213ce\u003c/code\u003e\u003c/a\u003e ci: use \u003ccode\u003e\\\u0026lt;@\u0026amp;1450591255485743204\u0026gt;\u003c/code\u003e over \u003ccode\u003e@here\u003c/code\u003e for discord notificationw\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/5bf8bc51bcfb49d25b73aae450b246cd8b8b423a\"\u003e\u003ccode\u003e5bf8bc5\u003c/code\u003e\u003c/a\u003e refactor: types for benchmarks and tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/505a5e744fbcf4471ddb534bf1d4aebea9643c1b\"\u003e\u003ccode\u003e505a5e7\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20188\"\u003e#20188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/0c066808d59e4f9406e11bab4ffa2e0feacbd0e2\"\u003e\u003ccode\u003e0c06680\u003c/code\u003e\u003c/a\u003e refactor: update eslint configuration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/2eb0d6a410513960bd7d65bf15baf15704a612eb\"\u003e\u003ccode\u003e2eb0d6a\u003c/code\u003e\u003c/a\u003e ci: release announcement (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20238\"\u003e#20238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/b2b24590a08755b706d2009ca97a226addf9e83b\"\u003e\u003ccode\u003eb2b2459\u003c/code\u003e\u003c/a\u003e ci: cancel in progress (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20239\"\u003e#20239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack/compare/v5.82.1...v5.104.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 4.15.0 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadded \u003ccode\u003egetClientEntry\u003c/code\u003e and \u003ccode\u003egetClientHotEntry\u003c/code\u003e methods to get clients entries (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/dc642a832d45c23c5c7a08fbf29995e0db7e0d95\"\u003edc642a8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v4.15.0...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `immutable` from 4.0.0-rc.12 to 4.3.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/immutable-js/immutable-js/releases\"\u003eimmutable's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.3.8\u003c/h2\u003e\n\u003cp\u003eFix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable\u003c/p\u003e\n\u003ch2\u003ev4.3.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix issue with slice negative of filtered sequence by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2006\"\u003eimmutable-js/immutable-js#2006\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/immutable-js/immutable-js/compare/v4.3.6...v4.3.7\"\u003ehttps://github.com/immutable-js/immutable-js/compare/v4.3.6...v4.3.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.3.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix Repeat(\u003c!-- raw HTML omitted --\u003e).equals(undefined) incorrectly returning true by \u003ca href=\"https://github.com/butchler\"\u003e\u003ccode\u003e@​butchler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1994\"\u003eimmutable-js/immutable-js#1994\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternals\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echange youtube image by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1973\"\u003eimmutable-js/immutable-js#1973\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade eslint and ignore no-constructor-return rule for actual constructors by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1974\"\u003eimmutable-js/immutable-js#1974\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrate documentation website to next 14 by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1975\"\u003eimmutable-js/immutable-js#1975\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estart migrating to nextjs app router by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1976\"\u003eimmutable-js/immutable-js#1976\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade next sitemap by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1978\"\u003eimmutable-js/immutable-js#1978\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/butchler\"\u003e\u003ccode\u003e@​butchler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1994\"\u003eimmutable-js/immutable-js#1994\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/immutable-js/immutable-js/compare/v4.3.5...v4.3.6\"\u003ehttps://github.com/immutable-js/immutable-js/compare/v4.3.5...v4.3.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.3.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix Set.fromKeys types with Map constructor in TS 5.0 by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1971\"\u003eimmutable-js/immutable-js#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade to TS 5.1 by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1972\"\u003eimmutable-js/immutable-js#1972\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix dist-stats command by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1964\"\u003eimmutable-js/immutable-js#1964\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix Read the Docs link on readme by \u003ca href=\"https://github.com/joshding\"\u003e\u003ccode\u003e@​joshding\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1970\"\u003eimmutable-js/immutable-js#1970\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joshding\"\u003e\u003ccode\u003e@​joshding\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1970\"\u003eimmutable-js/immutable-js#1970\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/immutable-js/immutable-js/compare/v4.3.4...v4.3.5\"\u003ehttps://github.com/immutable-js/immutable-js/compare/v4.3.4...v4.3.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.3.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRollback toJS type due to circular reference error by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1958\"\u003eimmutable-js/immutable-js#1958\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/immutable-js/immutable-js/compare/v4.3.3...v4.3.4\"\u003ehttps://github.com/immutable-js/immutable-js/compare/v4.3.3...v4.3.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.3.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[typescript] manage to handle toJS circular reference. \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1932\"\u003e#1932\u003c/a\u003e by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md\"\u003eimmutable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\nDates are formatted as YYYY-MM-DD.\u003c/p\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch2\u003e5.1.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate some files to TS by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2125\"\u003eimmutable-js/immutable-js#2125\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eIterator.ts\u003c/li\u003e\n\u003cli\u003ePairSorting.ts\u003c/li\u003e\n\u003cli\u003etoJS.ts\u003c/li\u003e\n\u003cli\u003eMath.ts\u003c/li\u003e\n\u003cli\u003eHash.ts\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eExtract CollectionHelperMethods and convert to TS by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2131\"\u003eimmutable-js/immutable-js#2131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse npm \u003ca href=\"https://docs.npmjs.com/trusted-publishers\"\u003etrusted publishing only\u003c/a\u003e to avoid token stealing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix/a11y issues by \u003ca href=\"https://github.com/lyannel\"\u003e\u003ccode\u003e@​lyannel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2136\"\u003eimmutable-js/immutable-js#2136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDoc add Map.get signature update by \u003ca href=\"https://github.com/borracciaBlu\"\u003e\u003ccode\u003e@​borracciaBlu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2138\"\u003eimmutable-js/immutable-js#2138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(doc):minor-issues#2132 by \u003ca href=\"https://github.com/JayMeDotDot\"\u003e\u003ccode\u003e@​JayMeDotDot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2133\"\u003eimmutable-js/immutable-js#2133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix algolia search by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2135\"\u003eimmutable-js/immutable-js#2135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTypo in OrderedMap by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2144\"\u003eimmutable-js/immutable-js#2144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: Sort all imports and activate eslint import rule by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2119\"\u003eimmutable-js/immutable-js#2119\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.3\u003c/h2\u003e\n\u003ch3\u003eTypeScript\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: allow readonly map entry constructor by \u003ca href=\"https://github.com/septs\"\u003e\u003ccode\u003e@​septs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2123\"\u003eimmutable-js/immutable-js#2123\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cp\u003eThere has been a huge amount of changes in the documentation, mainly migrate from an autogenerated documentation from .d.ts file, to a proper documentation in markdown.\nThe playground has been included on nearly all method examples.\nWe added a page about browser extensions too: \u003ca href=\"https://immutable-js.com/browser-extension/\"\u003ehttps://immutable-js.com/browser-extension/\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/485cbe0edf3ca7bb4b9c4a80ac55ba937a291da0\"\u003e\u003ccode\u003e485cbe0\u003c/code\u003e\u003c/a\u003e 4.3.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/6ed4eb626906df788b08019061b292b90bc718cb\"\u003e\u003ccode\u003e6ed4eb6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/94bcd3c79972db4afffd8d1e5aab415880098b05\"\u003e\u003ccode\u003e94bcd3c\u003c/code\u003e\u003c/a\u003e fix new proto key injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/faeb58b0cc71ed351dc51f672a95ae21bc859ef5\"\u003e\u003ccode\u003efaeb58b\u003c/code\u003e\u003c/a\u003e fix Prototype Pollution in mergeDeep, toJS, etc.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/37ca4170060827e5f4eaa1969d1b61e5dc5eb11d\"\u003e\u003ccode\u003e37ca417\u003c/code\u003e\u003c/a\u003e release 4.3.7 (\u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/issues/2007\"\u003e#2007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/23daf26b51ecc2805dcd9ac8534ce523397f9b62\"\u003e\u003ccode\u003e23daf26\u003c/code\u003e\u003c/a\u003e Fix issue with slice negative of filtered sequence (\u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/issues/2006\"\u003e#2006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/493afba6ec17d9c999dc5a15ac80c71c6bdba1c3\"\u003e\u003ccode\u003e493afba\u003c/code\u003e\u003c/a\u003e release 4.3.6 (\u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/issues/1997\"\u003e#1997\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/be3cb9a7ae9a29f82c9d0c595f5f3cb957d7006c\"\u003e\u003ccode\u003ebe3cb9a\u003c/code\u003e\u003c/a\u003e Fix Repeat(\u0026lt;value\u0026gt;).equals(undefined) incorrectly returning true (\u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/issues/1994\"\u003e#1994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/d7664bf9d3539da8ea095f2ed08bbe1cd0d46071\"\u003e\u003ccode\u003ed7664bf\u003c/code\u003e\u003c/a\u003e generate sitemap in path that will be deployed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/f8327b1db0bb131df8a830cf14642f6ad07ca466\"\u003e\u003ccode\u003ef8327b1\u003c/code\u003e\u003c/a\u003e upgrade next sitemap (\u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/issues/1978\"\u003e#1978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/immutable-js/immutable-js/compare/v4.0.0-rc.12...v4.3.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for immutable since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@tootallnate/once` from 2.0.0 to 2.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/releases\"\u003e@​tootallnate/once's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/blob/v2.0.1/CHANGELOG.md\"\u003e@​tootallnate/once's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/bcbb21d387e5fb2d0bf8ec2fd8d0ac97d4553241\"\u003e\u003ccode\u003ebcbb21d\u003c/code\u003e\u003c/a\u003e ci: fix OIDC publishing — Node 24, npm latest, provenance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/dc24387be8e3405f1e7c911caf76c87b72a0e145\"\u003e\u003ccode\u003edc24387\u003c/code\u003e\u003c/a\u003e Version Packages (2.x) (\u003ca href=\"https://redirect.github.com/TooTallNate/once/issues/12\"\u003e#12\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/b8a6f80afcfd2482b4bdb1e29d784340a05e0ce3\"\u003e\u003ccode\u003eb8a6f80\u003c/code\u003e\u003c/a\u003e CI: test all Node versions on Linux only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/dabcc0fb6202663cd83994f0a21ea1c710395327\"\u003e\u003ccode\u003edabcc0f\u003c/code\u003e\u003c/a\u003e ci: drop EOL Node.js 14.x/16.x, add 22.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/b464efcf4238d92590245b4d211d2fc05a94d28a\"\u003e\u003ccode\u003eb464efc\u003c/code\u003e\u003c/a\u003e Update CI: modern Node versions, fix macOS ARM64 compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/a1e5e2d784bcd1c65e49fac1524c6c94fe81f871\"\u003e\u003ccode\u003ea1e5e2d\u003c/code\u003e\u003c/a\u003e Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/TooTallNate/once/compare/2.0.0...v2.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​tootallnate/once\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-xml-parser` from 3.19.0 to 3.21.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md\"\u003efast-xml-parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.21.1 / 2021-10-31\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCorrectly format JSON elements with a text prop but no attribute props ( By \u003ca href=\"https://github.com/haddadnj\"\u003ehaddadnj\u003c/a\u003e )\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.21.0 / 2021-10-25\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efeat: added option \u003ccode\u003erootNodeName\u003c/code\u003e to set tag name for array input when converting js object to XML.\u003c/li\u003e\n\u003cli\u003efeat: added option \u003ccode\u003ealwaysCreateTextNode\u003c/code\u003e to force text node creation (by: \u003cem\u003e\u003ca href=\"https://github.com/massimo-ua\"\u003e\u003ccode\u003e@​massimo-ua\u003c/code\u003e\u003c/a\u003e\u003c/em\u003e)\u003c/li\u003e\n\u003cli\u003e⚠️ feat: Better error location for unclosed tags. (by \u003cem\u003e\u003ca href=\"https://github.com/Gei0r\"\u003e\u003ccode\u003e@​Gei0r\u003c/code\u003e\u003c/a\u003e\u003c/em\u003e)\n\u003cul\u003e\n\u003cli\u003eSome error messages would be changed when validating XML. Eg\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e{ InvalidXml: \u0026quot;Invalid '[    \\\u0026quot;rootNode\\\u0026quot;]' found.\u0026quot; }\u003c/code\u003e → \u003ccode\u003e{InvalidTag: \u0026quot;Unclosed tag 'rootNode'.\u0026quot;}\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e{ InvalidTag: \u0026quot;Closing tag 'rootNode' is expected inplace of 'rootnode'.\u0026quot; }\u003c/code\u003e → \u003ccode\u003e{ InvalidTag: \u0026quot;Expected closing tag 'rootNode' (opened in line 1) instead of closing tag 'rootnode'.\u0026quot;}\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e⚠️ feat: Column in error response when validating XML\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e{\n  \u0026quot;code\u0026quot;: \u0026quot;InvalidAttr\u0026quot;,\n  \u0026quot;msg\u0026quot;:  \u0026quot;Attribute 'abc' is repeated.\u0026quot;,\n  \u0026quot;line\u0026quot;: 1,\n  \u0026quot;col\u0026quot;: 22\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e3.20.1 / 2021-09-25\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eupdate strnum package\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.20.0 / 2021-09-10\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse strnum npm package to parse string to number\n\u003cul\u003e\n\u003cli\u003ebreaking change: long number will be parsed to scientific notation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/dccf7febf2e73043d1aa8cb7e061134939d58f66\"\u003e\u003ccode\u003edccf7fe\u003c/code\u003e\u003c/a\u003e fix: JSON format for tags with text but no attribute\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/3eb1def561016cec9c1d249b4b4c2e25821900ee\"\u003e\u003ccode\u003e3eb1def\u003c/code\u003e\u003c/a\u003e Correctly format JSON elements with a text prop but no attribute props (\u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/387\"\u003e#387\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/a61686982a4d1332ee93a4b810b1cd5b13a4a804\"\u003e\u003ccode\u003ea616869\u003c/code\u003e\u003c/a\u003e fix: make \u003ccode\u003enyc\u003c/code\u003e a devDep (\u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/386\"\u003e#386\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/75c20fed6bc8338e388871d6e1aad7274f1f6f61\"\u003e\u003ccode\u003e75c20fe\u003c/code\u003e\u003c/a\u003e Create Docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/2c4c5e5b7057457736dfaef02e286ea707045696\"\u003e\u003ccode\u003e2c4c5e5\u003c/code\u003e\u003c/a\u003e fix github build for coverage path\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/75947c4c6bd837384b9b25a816387cdb51426227\"\u003e\u003ccode\u003e75947c4\u003c/code\u003e\u003c/a\u003e update checklist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/c05b37cf86c95deb3b8dd1ed1acedd9cdd424af8\"\u003e\u003ccode\u003ec05b37c\u003c/code\u003e\u003c/a\u003e update browser bundles\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/01727d00021ef865670a3edda1326f388af71543\"\u003e\u003ccode\u003e01727d0\u003c/code\u003e\u003c/a\u003e update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/71616d6e8fe4b793deda25ed70117c7e8bda9847\"\u003e\u003ccode\u003e71616d6\u003c/code\u003e\u003c/a\u003e update package detail\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/a85b3778db8d095987b7dd17bcabd1cb21b986ab\"\u003e\u003ccode\u003ea85b377\u003c/code\u003e\u003c/a\u003e (feat) option set tag name for input js obj when converts to XML\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/3.19.0...v3.21.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.2.7 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commi...\n\n_Description has been truncated_","html_url":"https://github.com/1042422227/react/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/1042422227%2Freact/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"},{"uuid":"4500126251","node_id":"PR_kwDOE6qmMc7eN5Be","number":15,"state":"closed","title":"Bump the npm_and_yarn group across 9 directories with 19 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-24T23:51:29.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T05:34:14.000Z","updated_at":"2026-05-24T23:51:31.000Z","time_to_close":238635,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":19,"packages":[{"name":"browserstack-local","old_version":"1.4.0","new_version":"1.5.9","repository_url":"https://github.com/browserstack/browserstack-local-nodejs"},{"name":"express","old_version":"4.17.0","new_version":"4.22.0","repository_url":"https://github.com/expressjs/express"},{"name":"minimatch","old_version":"3.0.4","new_version":"3.1.4","repository_url":"https://github.com/isaacs/minimatch"},{"name":"pnpm","old_version":"5.14.3","new_version":"10.28.2","repository_url":"https://github.com/pnpm/pnpm"},{"name":"tar","old_version":"4.4.10","new_version":"7.5.11","repository_url":"https://github.com/isaacs/node-tar"},{"name":"devalue","old_version":"2.0.1","new_version":"5.8.1","repository_url":"https://github.com/sveltejs/devalue"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.12.1","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"bn.js","old_version":"4.11.9","new_version":"5.2.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"follow-redirects","old_version":"1.9.0","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"handlebars","old_version":"4.5.3","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"js-yaml","old_version":"3.13.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"picomatch","old_version":"2.2.2","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"2.35.1","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"tar-fs","old_version":"2.0.0","new_version":"2.1.4","repository_url":"https://github.com/mafintosh/tar-fs"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 15 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [browserstack-local](https://github.com/browserstack/browserstack-local-nodejs) | `1.4.0` | `1.5.9` |\n| [express](https://github.com/expressjs/express) | `4.17.0` | `4.22.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.4` |\n| [pnpm](https://github.com/pnpm/pnpm/tree/HEAD/pnpm) | `5.14.3` | `10.28.2` |\n| [tar](https://github.com/isaacs/node-tar) | `4.4.10` | `7.5.11` |\n| [devalue](https://github.com/sveltejs/devalue) | `2.0.1` | `5.8.1` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.12.1` | `7.29.4` |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `5.2.3` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.9.0` | `1.16.0` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.5.3` | `4.7.9` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.13.1` | `3.14.2` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.2.2` | `2.3.2` |\n| [rollup](https://github.com/rollup/rollup) | `2.35.1` | `2.80.0` |\n| [tar-fs](https://github.com/mafintosh/tar-fs) | `2.0.0` | `2.1.4` |\n\nBumps the npm_and_yarn group with 1 update in the /examples/api-routes-rate-limit directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/using-preact directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-firebase-authentication directory: [js-cookie](https://github.com/js-cookie/js-cookie).\nBumps the npm_and_yarn group with 1 update in the /examples/with-mongodb-mongoose directory: [mongoose](https://github.com/Automattic/mongoose).\nBumps the npm_and_yarn group with 1 update in the /examples/with-next-translate directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-paste-typescript directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-storybook-styled-jsx-scss directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-three-js directory: [next](https://github.com/vercel/next.js).\n\nUpdates `browserstack-local` from 1.4.0 to 1.5.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/releases\"\u003ebrowserstack-local's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eChanged local binary paths to support LocalBinary 7.3. Fixed folder argument.\u003c/h2\u003e\n\u003cp\u003eChanged local binary paths to support LocalBinary 7.3.\nFixed folder argument when building browserstack local arguments.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/f11c8ea6af74397e113bee17a170d2a62c8bce08\"\u003e\u003ccode\u003ef11c8ea\u003c/code\u003e\u003c/a\u003e 1.5.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/8c461a517ef8b274e28ae008d15ccc738ce8db83\"\u003e\u003ccode\u003e8c461a5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/browserstack/browserstack-local-nodejs/issues/169\"\u003e#169\u003c/a\u003e from browserstack/LOC-6480\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/ee24820b591123c5ebde347639da4b2f54841e5a\"\u003e\u003ccode\u003eee24820\u003c/code\u003e\u003c/a\u003e use writeFileSync instead of echo to clear the logfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/440aa806810347033b641a09cc24704f115e7448\"\u003e\u003ccode\u003e440aa80\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/browserstack/browserstack-local-nodejs/issues/163\"\u003e#163\u003c/a\u003e from browserstack/release_1.5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/125b8f1d3b946d23c686d38e60e365d2200992b6\"\u003e\u003ccode\u003e125b8f1\u003c/code\u003e\u003c/a\u003e 1.5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/3eeca3f1e505032c7cacc691684432c1348006d0\"\u003e\u003ccode\u003e3eeca3f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/browserstack/browserstack-local-nodejs/issues/162\"\u003e#162\u003c/a\u003e from browserstack/download_source_from_specified_host\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/17a583ae8ccddce15d48150b5bb134614913e0bf\"\u003e\u003ccode\u003e17a583a\u003c/code\u003e\u003c/a\u003e refactor into utility methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/4c0de9ded45228b163573a8a1293576bbfc2afc3\"\u003e\u003ccode\u003e4c0de9d\u003c/code\u003e\u003c/a\u003e Request download source from specified host\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/3b190ed2033a0ddaa1580d1289ef6fbc72f09842\"\u003e\u003ccode\u003e3b190ed\u003c/code\u003e\u003c/a\u003e 1.5.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/56d7b62e8a1e5b2a4eb121b3ebad0eb1e9ce976f\"\u003e\u003ccode\u003e56d7b62\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/browserstack/browserstack-local-nodejs/issues/161\"\u003e#161\u003c/a\u003e from browserstack/Change_Binary_Download_Distribution\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/compare/v1.4.0...v1.5.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~browserstack-admin\"\u003ebrowserstack-admin\u003c/a\u003e, a new releaser for browserstack-local since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `express` from 4.17.0 to 4.22.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/releases\"\u003eexpress's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.22.0\u003c/h2\u003e\n\u003ch2\u003eImportant: Security\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor: improve readability by \u003ca href=\"https://github.com/sazk07\"\u003e\u003ccode\u003e@​sazk07\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6190\"\u003eexpressjs/express#6190\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add support for Node.js@23.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6080\"\u003eexpressjs/express#6080\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMethod functions with no path should error by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5957\"\u003eexpressjs/express#5957\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: updated github actions ci workflow by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6323\"\u003eexpressjs/express#6323\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: reorder \u003ccode\u003enpm i\u003c/code\u003e steps to fix ci for older node versions by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6336\"\u003eexpressjs/express#6336\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport: ci: add node.js 24 to test matrix by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6506\"\u003eexpressjs/express#6506\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(4.x): wider range for query test skip by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6513\"\u003eexpressjs/express#6513\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse tilde notation for certain dependencies by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6905\"\u003eexpressjs/express#6905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6909\"\u003eexpressjs/express#6909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for \u003ccode\u003eqs\u003c/code\u003e by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6919\"\u003eexpressjs/express#6919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.22.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6921\"\u003eexpressjs/express#6921\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.2...4.22.0\"\u003ehttps://github.com/expressjs/express/compare/4.21.2...4.22.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd funding field (v4) by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6065\"\u003eexpressjs/express#6065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.11 by \u003ca href=\"https://github.com/blakeembrey\"\u003e\u003ccode\u003e@​blakeembrey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5956\"\u003eexpressjs/express#5956\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: bump path-to-regexp@0.1.12 by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6209\"\u003eexpressjs/express#6209\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.21.2 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6094\"\u003eexpressjs/express#6094\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.1...4.21.2\"\u003ehttps://github.com/expressjs/express/compare/4.21.1...4.21.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport a fix for CVE-2024-47764 to the 4.x branch by \u003ca href=\"https://github.com/joshbuker\"\u003e\u003ccode\u003e@​joshbuker\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6029\"\u003eexpressjs/express#6029\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.21.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6031\"\u003eexpressjs/express#6031\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.0...4.21.1\"\u003ehttps://github.com/expressjs/express/compare/4.21.0...4.21.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003e\u0026quot;back\u0026quot;\u003c/code\u003e magic string in redirects by \u003ca href=\"https://github.com/blakeembrey\"\u003e\u003ccode\u003e@​blakeembrey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5935\"\u003eexpressjs/express#5935\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efinalhandler@1.3.1 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5954\"\u003eexpressjs/express#5954\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): serve-static@1.16.2 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5951\"\u003eexpressjs/express#5951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgraded dependency qs to 6.13.0 to match qs in body-parser by \u003ca href=\"https://github.com/agadzinski93\"\u003e\u003ccode\u003e@​agadzinski93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5946\"\u003eexpressjs/express#5946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agadzinski93\"\u003e\u003ccode\u003e@​agadzinski93\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5946\"\u003eexpressjs/express#5946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/blob/4.22.0/History.md\"\u003eexpress's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.22.0 / 2025-12-01\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for dependencies\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.2 / 2024-11-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.12\n\u003cul\u003e\n\u003cli\u003eFix backtracking protection\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.11\n\u003cul\u003e\n\u003cli\u003eThrows an error on invalid path values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.1 / 2024-10-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBackported a fix for \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2024-47764\"\u003eCVE-2024-47764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.0 / 2024-09-11\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eres.location(\u0026quot;back\u0026quot;)\u003c/code\u003e and \u003ccode\u003eres.redirect(\u0026quot;back\u0026quot;)\u003c/code\u003e magic string\u003c/li\u003e\n\u003cli\u003edeps: serve-static@1.16.2\n\u003cul\u003e\n\u003cli\u003eincludes send@0.19.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: finalhandler@1.3.1\u003c/li\u003e\n\u003cli\u003edeps: qs@6.13.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.20.0 / 2024-09-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: serve-static@0.16.0\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: send@0.19.0\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: body-parser@0.6.0\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003edepth\u003c/code\u003e option to customize the depth level in the parser\u003c/li\u003e\n\u003cli\u003eIMPORTANT: The default \u003ccode\u003edepth\u003c/code\u003e level for parsing URL-encoded data is now \u003ccode\u003e32\u003c/code\u003e (previously was \u003ccode\u003eInfinity\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove link renderization in html while using \u003ccode\u003eres.redirect\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.10\n\u003cul\u003e\n\u003cli\u003eAdds support for named matching groups in the routes using a regex\u003c/li\u003e\n\u003cli\u003eAdds backtracking protection to parameters without regexes defined\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: encodeurl@~2.0.0\n\u003cul\u003e\n\u003cli\u003eRemoves encoding of \u003ccode\u003e\\\u003c/code\u003e, \u003ccode\u003e|\u003c/code\u003e, and \u003ccode\u003e^\u003c/code\u003e to align better with URL spec\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDeprecate passing \u003ccode\u003eoptions.maxAge\u003c/code\u003e and \u003ccode\u003eoptions.expires\u003c/code\u003e to \u003ccode\u003eres.clearCookie\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eWill be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.19.2 / 2024-03-25\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/49744abd1120484fe64d7bde1cd3197c32523b6e\"\u003e\u003ccode\u003e49744ab\u003c/code\u003e\u003c/a\u003e 4.22.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6921\"\u003e#6921\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/6e97452f600a3b01719fbc5517d833c7646b0bb7\"\u003e\u003ccode\u003e6e97452\u003c/code\u003e\u003c/a\u003e sec: security patch for CVE-2024-51999\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/6a23d34d652b9e69a4486d2a2a0dea54b9685fa5\"\u003e\u003ccode\u003e6a23d34\u003c/code\u003e\u003c/a\u003e deps: use tilde notation for \u003ccode\u003eqs\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6919\"\u003e#6919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/8c12cdf93b89a4628b59179e3cc0722fc517d6b3\"\u003e\u003ccode\u003e8c12cdf\u003c/code\u003e\u003c/a\u003e deps: qs@6.14.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6909\"\u003e#6909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/7fea74fcf02764580f38f2a7f1932dfa54cddd90\"\u003e\u003ccode\u003e7fea74f\u003c/code\u003e\u003c/a\u003e deps: use tilde notation for certain dependencies (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6905\"\u003e#6905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/dac7a0475a99e9dfc57b3b8e6d5bdf52813f1944\"\u003e\u003ccode\u003edac7a04\u003c/code\u003e\u003c/a\u003e chore: wider range for query test skip (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6513\"\u003e#6513\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/997919b48879bbd53171c3b4e5dd1b04ad139241\"\u003e\u003ccode\u003e997919b\u003c/code\u003e\u003c/a\u003e ci: add node.js 24 to test matrix (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6506\"\u003e#6506\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/36fb59c6c7d9dfca0b08dfeafb5b6e4a249234a1\"\u003e\u003ccode\u003e36fb59c\u003c/code\u003e\u003c/a\u003e fix(ci): reorder \u003ccode\u003enpm i\u003c/code\u003e steps to fix ci for older node versions (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6336\"\u003e#6336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/3a5edfaff06f1a2c7079b08d0635108b371eddfd\"\u003e\u003ccode\u003e3a5edfa\u003c/code\u003e\u003c/a\u003e fix(ci): updated github actions ci workflow (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6323\"\u003e#6323\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/52d978119a7af27667cce5d99ac0739dc269d818\"\u003e\u003ccode\u003e52d9781\u003c/code\u003e\u003c/a\u003e fix(test): add test for method routes without paths \u003ca href=\"https://redirect.github.com/expressjs/express/issues/5955\"\u003e#5955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/express/compare/4.17.0...4.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for express since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.0.4 to 3.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9c31b2d4e0af72a6c2d2d62c5dbc2247da669802\"\u003e\u003ccode\u003e9c31b2d\u003c/code\u003e\u003c/a\u003e update test expectations for coalesced consecutive stars\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/46fe687857cf02f6cf45469cc593b97e11b10c96\"\u003e\u003ccode\u003e46fe687\u003c/code\u003e\u003c/a\u003e coalesce consecutive non-globstar * characters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/5a9ccbda64befc5d94b965534dbea2853c92aebd\"\u003e\u003ccode\u003e5a9ccbd\u003c/code\u003e\u003c/a\u003e [meta] update publishConfig.tag to legacy-v3\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pnpm` from 5.14.3 to 10.28.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pnpm/pnpm/releases\"\u003epnpm's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epnpm 10.28.2\u003c/h2\u003e\n\u003ch2\u003ePatch Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSecurity fix: prevent path traversal in \u003ccode\u003edirectories.bin\u003c/code\u003e field.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWhen pnpm installs a \u003ccode\u003efile:\u003c/code\u003e or \u003ccode\u003egit:\u003c/code\u003e dependency, it now validates that symlinks point within the package directory. Symlinks to paths outside the package root are skipped to prevent local data from being leaked into \u003ccode\u003enode_modules\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eThis fixes a security issue where a malicious package could create symlinks to sensitive files (e.g., \u003ccode\u003e/etc/passwd\u003c/code\u003e, \u003ccode\u003e~/.ssh/id_rsa\u003c/code\u003e) and have their contents copied when the package is installed.\u003c/p\u003e\n\u003cp\u003eNote: This only affects \u003ccode\u003efile:\u003c/code\u003e and \u003ccode\u003egit:\u003c/code\u003e dependencies. Registry packages (npm) have symlinks stripped during publish and are not affected.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed optional dependencies to request full metadata from the registry to get the \u003ccode\u003elibc\u003c/code\u003e field, which is required for proper platform compatibility checks \u003ca href=\"https://redirect.github.com/pnpm/pnpm/issues/9950\"\u003e#9950\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePlatinum Sponsors\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eGold Sponsors\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pnpm/pnpm/blob/v10.28.2/pnpm/CHANGELOG.md\"\u003epnpm's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.28.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSecurity fix: prevent path traversal in \u003ccode\u003edirectories.bin\u003c/code\u003e field.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWhen pnpm installs a \u003ccode\u003efile:\u003c/code\u003e or \u003ccode\u003egit:\u003c/code\u003e dependency, it now validates that symlinks point within the package directory. Symlinks to paths outside the package root are skipped to prevent local data from being leaked into \u003ccode\u003enode_modules\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eThis fixes a security issue where a malicious package could create symlinks to sensitive files (e.g., \u003ccode\u003e/etc/passwd\u003c/code\u003e, \u003ccode\u003e~/.ssh/id_rsa\u003c/code\u003e) and have their contents copied when the package is installed.\u003c/p\u003e\n\u003cp\u003eNote: This only affects \u003ccode\u003efile:\u003c/code\u003e and \u003ccode\u003egit:\u003c/code\u003e dependencies. Registry packages (npm) have symlinks stripped during publish and are not affected.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed optional dependencies to request full metadata from the registry to get the \u003ccode\u003elibc\u003c/code\u003e field, which is required for proper platform compatibility checks \u003ca href=\"https://redirect.github.com/pnpm/pnpm/issues/9950\"\u003e#9950\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.28.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed installation of config dependencies from private registries.\u003c/p\u003e\n\u003cp\u003eAdded support for object type in \u003ccode\u003econfigDependencies\u003c/code\u003e when the tarball URL returned from package metadata differs from the computed URL \u003ca href=\"https://redirect.github.com/pnpm/pnpm/pull/10431\"\u003e#10431\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix path traversal vulnerability in binary fetcher ZIP extraction\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eValidate ZIP entry paths before extraction to prevent writing files outside target directory\u003c/li\u003e\n\u003cli\u003eValidate BinaryResolution.prefix (basename) to prevent directory escape via crafted prefix\u003c/li\u003e\n\u003cli\u003eBoth attack vectors now throw \u003ccode\u003eERR_PNPM_PATH_TRAVERSAL\u003c/code\u003e error\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport plain \u003ccode\u003ehttp://\u003c/code\u003e and \u003ccode\u003ehttps://\u003c/code\u003e URLs ending with \u003ccode\u003e.git\u003c/code\u003e as git repository dependencies.\u003c/p\u003e\n\u003cp\u003ePreviously, URLs like \u003ccode\u003ehttps://gitea.example.org/user/repo.git#commit\u003c/code\u003e were not recognized as git repositories because they lacked the \u003ccode\u003egit+\u003c/code\u003e prefix (e.g., \u003ccode\u003egit+https://\u003c/code\u003e). This caused issues when installing dependencies from self-hosted git servers like Gitea or Forgejo that don't provide tarball downloads.\u003c/p\u003e\n\u003cp\u003eChanges:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe git resolver now runs before the tarball resolver, ensuring git URLs are handled by the correct resolver\u003c/li\u003e\n\u003cli\u003eThe git resolver now recognizes plain \u003ccode\u003ehttp://\u003c/code\u003e and \u003ccode\u003ehttps://\u003c/code\u003e URLs ending in \u003ccode\u003e.git\u003c/code\u003e as git repositories\u003c/li\u003e\n\u003cli\u003eRemoved the \u003ccode\u003eisRepository\u003c/code\u003e check from the tarball resolver since it's no longer needed with the new resolver order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFixes \u003ca href=\"https://github.com/pnpm/pnpm/tree/HEAD/pnpm/issues/10468\"\u003e#10468\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003epnpm run -r\u003c/code\u003e and \u003ccode\u003epnpm run --filter\u003c/code\u003e now fail with a non-zero exit code when no packages have the specified script. Previously, this only failed when all packages were selected. Use \u003ccode\u003e--if-present\u003c/code\u003e to suppress this error \u003ca href=\"https://redirect.github.com/pnpm/pnpm/issues/6844\"\u003e#6844\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a path traversal vulnerability in tarball extraction on Windows. The path normalization was only checking for \u003ccode\u003e./\u003c/code\u003e but not \u003ccode\u003e.\\\u003c/code\u003e. Since backslashes are directory separators on Windows, malicious packages could use paths like \u003ccode\u003efoo\\..\\..\\.npmrc\u003c/code\u003e to write files outside the package directory.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWhen running \u0026quot;pnpm exec\u0026quot; from a subdirectory of a project, don't change the current working directory to the root of the project \u003ca href=\"https://redirect.github.com/pnpm/pnpm/issues/5759\"\u003e#5759\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a path traversal vulnerability in pnpm's bin linking. Bin names starting with \u003ccode\u003e@\u003c/code\u003e bypassed validation, and after scope normalization, path traversal sequences like \u003ccode\u003e../../\u003c/code\u003e remained intact.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRevert Try to avoid making network calls with preferOffline \u003ca href=\"https://redirect.github.com/pnpm/pnpm/pull/10334\"\u003e#10334\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003e--save-peer\u003c/code\u003e to write valid semver ranges to \u003ccode\u003epeerDependencies\u003c/code\u003e for protocol-based installs (e.g. \u003ccode\u003ejsr:\u003c/code\u003e) by deriving from resolved versions when available and falling back to \u003ccode\u003e*\u003c/code\u003e if none is available \u003ca href=\"https://redirect.github.com/pnpm/pnpm/issues/10417\"\u003e#10417\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDo not exclude the root workspace project, when it is explicitly selected via a filter \u003ca href=\"https://redirect.github.com/pnpm/pnpm/pull/10465\"\u003e#10465\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.28.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/89a2c4ec38735945ccc7a208221e696fae655e3f\"\u003e\u003ccode\u003e89a2c4e\u003c/code\u003e\u003c/a\u003e chore(release): 10.28.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/a484cea3f2564a80ce8c3171d433f3d8c3e714ef\"\u003e\u003ccode\u003ea484cea\u003c/code\u003e\u003c/a\u003e fix(npm-resolver): request full metadata for optional dependencies (\u003ca href=\"https://github.com/pnpm/pnpm/tree/HEAD/pnpm/issues/10455\"\u003e#10455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/c90837083c28949364627d02a47238f17eea25db\"\u003e\u003ccode\u003ec908370\u003c/code\u003e\u003c/a\u003e test: fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/0b5a56aaec74a51d796adc1828c399ad6319c5be\"\u003e\u003ccode\u003e0b5a56a\u003c/code\u003e\u003c/a\u003e chore(release): 10.28.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/916b26b63ce92e3357698aef311c2deaa8a077c8\"\u003e\u003ccode\u003e916b26b\u003c/code\u003e\u003c/a\u003e fix: prevent implicit root exclusion when user filters are provided (\u003ca href=\"https://github.com/pnpm/pnpm/tree/HEAD/pnpm/issues/10465\"\u003e#10465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/9cbba288fc49a428615db5a5d3ad8a5ef973cc71\"\u003e\u003ccode\u003e9cbba28\u003c/code\u003e\u003c/a\u003e fix(exec): preserve user execution cwd (\u003ca href=\"https://github.com/pnpm/pnpm/tree/HEAD/pnpm/issues/10445\"\u003e#10445\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/91a241e692de524a974460f69c35a309769d3045\"\u003e\u003ccode\u003e91a241e\u003c/code\u003e\u003c/a\u003e chore(release): 10.28.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/a9784fb3df170e16d9627a262cce0255cf3e41ed\"\u003e\u003ccode\u003ea9784fb\u003c/code\u003e\u003c/a\u003e revert: \u0026quot;chore: upgrade qs to 6.14.1 (\u003ca href=\"https://github.com/pnpm/pnpm/tree/HEAD/pnpm/issues/10389\"\u003e#10389\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/787ed46577c0e477f47587d2d968e8350be55f8b\"\u003e\u003ccode\u003e787ed46\u003c/code\u003e\u003c/a\u003e chore: upgrade qs to 6.14.1 (\u003ca href=\"https://github.com/pnpm/pnpm/tree/HEAD/pnpm/issues/10389\"\u003e#10389\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/6bdba72ad31e4d6b79821405e09c6bdcc93894ee\"\u003e\u003ccode\u003e6bdba72\u003c/code\u003e\u003c/a\u003e chore(release): 10.27.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pnpm/pnpm/commits/v10.28.2/pnpm\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for pnpm since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tar` from 4.4.10 to 7.5.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/node-tar/releases\"\u003etar's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.13\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-tar/compare/v6.1.12...v6.1.13\"\u003e6.1.13\u003c/a\u003e (2022-12-07)\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/cc4e0ddfe523a0bce383846a67442c637a65d486\"\u003e\u003ccode\u003ecc4e0dd\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/343\"\u003e#343\u003c/a\u003e bump minipass from 3.3.6 to 4.0.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.12\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-tar/compare/v6.1.11...v6.1.12\"\u003e6.1.12\u003c/a\u003e (2022-10-31)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/57493ee66ece50d62114e02914282fc37be3a91a\"\u003e\u003ccode\u003e57493ee\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/332\"\u003e#332\u003c/a\u003e ensuring close event is emited after stream has ended (\u003ca href=\"https://github.com/webark\"\u003e\u003ccode\u003e@​webark\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/b003c64f624332e24e19b30dc011069bb6708680\"\u003e\u003ccode\u003eb003c64\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/314\"\u003e#314\u003c/a\u003e replace deprecated String.prototype.substr() (\u003ca href=\"https://redirect.github.com/isaacs/node-tar/issues/314\"\u003e#314\u003c/a\u003e) (\u003ca href=\"https://github.com/CommanderRoot\"\u003e\u003ccode\u003e@​CommanderRoot\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukekarrys\"\u003e\u003ccode\u003e@​lukekarrys\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/f12992932f171ea248b27fad95e7d489a56d31ed\"\u003e\u003ccode\u003ef129929\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/313\"\u003e#313\u003c/a\u003e remove dead link to benchmarks (\u003ca href=\"https://redirect.github.com/isaacs/node-tar/issues/313\"\u003e#313\u003c/a\u003e) (\u003ca href=\"https://github.com/yetzt\"\u003e\u003ccode\u003e@​yetzt\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/c1faa9f44001dfb0bc7638b2850eb6058bd56a4a\"\u003e\u003ccode\u003ec1faa9f\u003c/code\u003e\u003c/a\u003e add examples/explanation of using tar.t (\u003ca href=\"https://github.com/isaacs\"\u003e\u003ccode\u003e@​isaacs\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md\"\u003etar's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e7.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003ezstd\u003c/code\u003e compression support.\u003c/li\u003e\n\u003cli\u003eConsistent TOCTOU behavior in sync t.list\u003c/li\u003e\n\u003cli\u003eOnly read from ustar block if not specified in Pax\u003c/li\u003e\n\u003cli\u003eFix sync tar.list when file size reduces while reading\u003c/li\u003e\n\u003cli\u003eSanitize absolute linkpaths properly\u003c/li\u003e\n\u003cli\u003ePrevent writing hardlink entries to the archive ahead of their\nfile target\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eonentry\u003c/code\u003e in favor of \u003ccode\u003eonReadEntry\u003c/code\u003e for clarity.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eonWriteEntry\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDRY the command definitions into a single \u003ccode\u003emakeCommand\u003c/code\u003e method,\nand update the type signatures to more appropriately infer the\nreturn type from the options and arguments provided.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate minipass to v7.1.0\u003c/li\u003e\n\u003cli\u003eUpdate the type definitions of \u003ccode\u003ewrite()\u003c/code\u003e and \u003ccode\u003eend()\u003c/code\u003e methods on\n\u003ccode\u003eUnpack\u003c/code\u003e and \u003ccode\u003eParser\u003c/code\u003e classes to be compatible with the\nNodeJS.WritableStream type in the latest versions of\n\u003ccode\u003e@types/node\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for node \u0026lt;18\u003c/li\u003e\n\u003cli\u003eRewrite in TypeScript, provide ESM and CommonJS hybrid\ninterface\u003c/li\u003e\n\u003cli\u003eAdd tree-shake friendly exports, like \u003ccode\u003eimport('tar/create')\u003c/code\u003e\nand \u003ccode\u003eimport('tar/read-entry')\u003c/code\u003e to get individual functions or\nclasses.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003echmod\u003c/code\u003e option that defaults to false, and deprecate\n\u003ccode\u003enoChmod\u003c/code\u003e. That is, reverse the default option regarding\nexplicitly setting file system modes to match tar entry\nsettings.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eprocessUmask\u003c/code\u003e option to avoid having to call\n\u003ccode\u003eprocess.umask()\u003c/code\u003e when \u003ccode\u003echmod: true\u003c/code\u003e (or \u003ccode\u003enoChmod: false\u003c/code\u003e) is\nset.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/bf776f673164215074b62749e0fe80e5834588f4\"\u003e\u003ccode\u003ebf776f6\u003c/code\u003e\u003c/a\u003e 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad\"\u003e\u003ccode\u003ef48b5fa\u003c/code\u003e\u003c/a\u003e prevent escaping symlinks with drive-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/97cff15d3539a37a4095eb3d287147d9d77c2dc3\"\u003e\u003ccode\u003e97cff15\u003c/code\u003e\u003c/a\u003e docs: more security info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1\"\u003e\u003ccode\u003e2b72abc\u003c/code\u003e\u003c/a\u003e 7.5.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f\"\u003e\u003ccode\u003e7bc755d\u003c/code\u003e\u003c/a\u003e parse root off paths before sanitizing .. parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/c8cb84629dee649feedde03f2f4ea48f2e44e778\"\u003e\u003ccode\u003ec8cb846\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/1f0c2c9006b10199cf2686f8ef43e79a1773e1aa\"\u003e\u003ccode\u003e1f0c2c9\u003c/code\u003e\u003c/a\u003e 7.5.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/fbb08518bf290733b68ca4d4135f75becf73fd75\"\u003e\u003ccode\u003efbb0851\u003c/code\u003e\u003c/a\u003e build minified version as default export\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/6b8eba0ef367ac937e703238daa6df94ae6f823f\"\u003e\u003ccode\u003e6b8eba0\u003c/code\u003e\u003c/a\u003e 7.5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384\"\u003e\u003ccode\u003e2cb1120\u003c/code\u003e\u003c/a\u003e fix(unpack): improve UnpackSync symlink error \u0026quot;into\u0026quot; path accuracy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/node-tar/compare/v4.4.10...v7.5.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~isaacs\"\u003eisaacs\u003c/a\u003e, a new releaser for tar since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `devalue` from 2.0.1 to 5.8.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/devalue/releases\"\u003edevalue's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.8.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e206ca67: fix: force sparse arrays to allocate sparsely\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.8.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ec5115b0: feat: add \u003ccode\u003estringifyAsync\u003c/code\u003e for async serialization\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.7.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e8becc7c: fix: handle regexes consistently in uneval's value and reference formats\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.7.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edf2e284: feat: use native alternatives to encode/decode base64\u003c/li\u003e\n\u003cli\u003e498656e: feat: add \u003ccode\u003eDataView\u003c/code\u003e support\u003c/li\u003e\n\u003cli\u003ea210130: feat: whitelist \u003ccode\u003eFloat16Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edf2e284: feat: simplify TypedArray slices\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e5590634: fix: get \u003ccode\u003euneval\u003c/code\u003e type handling up to parity with \u003ccode\u003estringify\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e57f73fc: fix: correctly support boxed bigints and sentinel values\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.4\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: reject \u003ccode\u003e__proto__\u003c/code\u003e keys in malformed \u003ccode\u003eObject\u003c/code\u003e wrapper payloads\u003c/p\u003e\n\u003cp\u003eThis validates the \u003ccode\u003e\u0026quot;Object\u0026quot;\u003c/code\u003e parse path and throws when the wrapped value has an own \u003ccode\u003e__proto__\u003c/code\u003e key.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e40f1db1: fix: ensure sparse array indices are integers\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: disallow \u003ccode\u003e__proto__\u003c/code\u003e keys in null-prototype object parsing\u003c/p\u003e\n\u003cp\u003eThis disallows \u003ccode\u003e__proto__\u003c/code\u003e keys in the \u003ccode\u003e\u0026quot;null\u0026quot;\u003c/code\u003e parse path so null-prototype object hydration cannot carry that key through parse/unflatten.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0f04d4d: fix: Properly handle \u003ccode\u003e__proto__\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e819f1ac: fix: better encoding for sparse arrays\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md\"\u003edevalue's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.8.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e206ca67: fix: force sparse arrays to allocate sparsely\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.8.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ec5115b0: feat: add \u003ccode\u003estringifyAsync\u003c/code\u003e for async serialization\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.7.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e8becc7c: fix: handle regexes consistently in uneval's value and reference formats\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.7.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edf2e284: feat: use native alternatives to encode/decode base64\u003c/li\u003e\n\u003cli\u003e498656e: feat: add \u003ccode\u003eDataView\u003c/code\u003e support\u003c/li\u003e\n\u003cli\u003ea210130: feat: whitelist \u003ccode\u003eFloat16Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edf2e284: feat: simplify TypedArray slices\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e5590634: fix: get \u003ccode\u003euneval\u003c/code\u003e type handling up to parity with \u003ccode\u003estringify\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e57f73fc: fix: correctly support boxed bigints and sentinel values\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.4\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: reject \u003ccode\u003e__proto__\u003c/code\u003e keys in malformed \u003ccode\u003eObject\u003c/code\u003e wrapper payloads\u003c/p\u003e\n\u003cp\u003eThis validates the \u003ccode\u003e\u0026quot;Object\u0026quot;\u003c/code\u003e parse path and throws when the wrapped value has an own \u003ccode\u003e__proto__\u003c/code\u003e key.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e40f1db1: fix: ensure sparse array indices are integers\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: disallow \u003ccode\u003e__proto__\u003c/code\u003e keys in null-prototype object parsing\u003c/p\u003e\n\u003cp\u003eThis disallows \u003ccode\u003e__proto__\u003c/code\u003e keys in the \u003ccode\u003e\u0026quot;null\u0026quot;\u003c/code\u003e parse path so null-prototype object hydration cannot carry that key through parse/unflatten.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0f04d4d: fix: Properly handle \u003ccode\u003e__proto__\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e819f1ac: fix: better encoding for sparse arrays\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/796ea83a76eb7e0f2af376f9c2c875f1d057f50f\"\u003e\u003ccode\u003e796ea83\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/152\"\u003e#152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/206ca6712fbc380a4571c59de9ab04b91110792d\"\u003e\u003ccode\u003e206ca67\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/14933f78ff6b712829162628682b0a1993e75d19\"\u003e\u003ccode\u003e14933f7\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/151\"\u003e#151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/c5115b0074ec298fb4077f6cee5616cefbd13902\"\u003e\u003ccode\u003ec5115b0\u003c/code\u003e\u003c/a\u003e feat: \u003ccode\u003estringifyAsync\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/150\"\u003e#150\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/67dad450b5db18ea9aa3059d334d8b0ee6704d9e\"\u003e\u003ccode\u003e67dad45\u003c/code\u003e\u003c/a\u003e docs: update README to reflect serialization stability non-goal (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/147\"\u003e#147\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/6eb920a7db6fe388f24f640d0e4e874a57f148fb\"\u003e\u003ccode\u003e6eb920a\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/8becc7c436f0d4f85e2e5b32cb49dcfdf4fdec42\"\u003e\u003ccode\u003e8becc7c\u003c/code\u003e\u003c/a\u003e fix: handle regexes consistently in uneval's value and reference formats (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/2eee2e435ea0ea3d495dc7a266486df95a4eb6ed\"\u003e\u003ccode\u003e2eee2e4\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/144\"\u003e#144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/498656e75d36dfc63a386240722bdeac63337b25\"\u003e\u003ccode\u003e498656e\u003c/code\u003e\u003c/a\u003e DataView support (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/5590634db53ed555d3ce2e2024924b30352a6afc\"\u003e\u003ccode\u003e5590634\u003c/code\u003e\u003c/a\u003e Improve platform types support (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/142\"\u003e#142\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sveltejs/devalue/compare/v2.0.1...v5.8.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for devalue since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.12.1 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/cd24cc07ef6558b7f6510f9177f6393c91b0549f\"\u003e\u003ccode\u003ecd24cc0\u003c/code\u003e\u003c/a\u003e chore: Update TS 5.7 (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17053\"\u003e#17053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bn.js` from 4.11.9 to 5.2.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/indutny/bn.js/releases\"\u003ebn.js's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Buffer not using global in browser (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/260\"\u003e#260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: LE constructor for HEX (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.1.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for defined but not implemented Symbol.for (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/252\"\u003e#252\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.1.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix BN v5/v4 interoperability issue (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/249\"\u003e#249\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTemporary workaround for BN#_move (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/236\"\u003e#236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd eslintrc instead config in package.json (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/237\"\u003e#237\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBenchmark for BigInt (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd documentation for max/min (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate BN#inspect for Symbols (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/225\"\u003e#225\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of toArrayLike (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/222\"\u003e#222\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etemporary disable jumboMulTo in BN#mulTo (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/221\"\u003e#221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eoptimize toBitArray function (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/212\"\u003e#212\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix iaddn sign issue (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/216\"\u003e#216\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etravis: update node versions (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/205\"\u003e#205\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefactor buffer constructor (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/200\"\u003e#200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elib: fix for negative numbers: imuln, modrn, idivn (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/185\"\u003e#185\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebn: fix Red#imod (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/178\"\u003e#178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck unexpected high bits for invalid characters (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/173\"\u003e#173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocument support very large integers (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eonly define toBuffer if Buffer is defined (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/172\"\u003e#172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elib: better validation of string input (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/151\"\u003e#151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etests: reject decimal input in constructor (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/91\"\u003e#91\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebn: make .strip() an internal method (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/105\"\u003e#105\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elib: deprecate \u003ccode\u003e.modn()\u003c/code\u003e introduce \u003ccode\u003e.modrn()\u003c/code\u003e  (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/112\"\u003e#112\u003c/a\u003e \u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/129\"\u003e#129\u003c/a\u003e \u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/130\"\u003e#130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebn: don't accept invalid characters (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/141\"\u003e#141\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epackage: use \u003ccode\u003efiles\u003c/code\u003e insteadof \u003ccode\u003e.npmignore\u003c/code\u003e  (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/152\"\u003e#152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebn: improve allocation speed for buffers (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etoJSON to default to interoperable hex (length % 2) (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/164\"\u003e#164\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/indutny/bn.js/blob/master/CHANGELOG.md\"\u003ebn.js's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.2.3 / 2026-02-19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2 / 2025-04-25\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: imuln/muln with zero (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1 / 2022-02-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0 / 2021-02-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Buffer not using global in browser (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/260\"\u003e#260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix LE constructor for HEX (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.3 / 2020-08-14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for defined but not implemented Symbol.for (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/252\"\u003e#252\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.2 / 2020-05-20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix BN v5/v4 interoperability issue (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/249\"\u003e#249\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.1 / 2019-12-24\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTemporary workaround for BN#_move (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/236\"\u003e#236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd eslintrc instead config in package.json (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/237\"\u003e#237\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0 / 2019-12-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBenchmark for BigInt (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd documentation for max/min (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate BN#inspect for Symbols (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/225\"\u003e#225\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of toArrayLike (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/222\"\u003e#222\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etemporary disable jumboMulTo in BN#mulTo (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/221\"\u003e#221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eoptimize toBitArray function (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/212\"\u003e#212\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix iaddn sign issue (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/216\"\u003e#216\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.0.0 / 2019-07-04\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/ea6c072a951493ca99e5cd5f8da3851b90116271\"\u003e\u003ccode\u003eea6c072\u003c/code\u003e\u003c/a\u003e 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/33df26b5771e824f303a79ec6407409376baa64b\"\u003e\u003ccode\u003e33df26b\u003c/code\u003e\u003c/a\u003e fix imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/6db7c3818569423b94ebcf2bdff90fcfb9c47f6d\"\u003e\u003ccode\u003e6db7c38\u003c/code\u003e\u003c/a\u003e 5.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/c7e1a532566c83fd0297ff7669c227b824928bf4\"\u003e\u003ccode\u003ec7e1a53\u003c/code\u003e\u003c/a\u003e Fix imuln/muln with zero (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/4cc0bfa5195d54876a6b807827e582522c813019\"\u003e\u003ccode\u003e4cc0bfa\u003c/code\u003e\u003c/a\u003e docs: mention the max plain JS number argument value (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/307\"\u003e#307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/5df40f81ea8afb835b909bb7c21e0833cdeb6a30\"\u003e\u003ccode\u003e5df40f8\u003c/code\u003e\u003c/a\u003e Document \u003ccode\u003elength\u003c/code\u003e unit in \u003ccode\u003etoBuffer(...)\u003c/code\u003e input (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/299\"\u003e#299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/7078ea85082f2d14e6b315debec76b472b1d55fa\"\u003e\u003ccode\u003e7078ea8\u003c/code\u003e\u003c/a\u003e 5.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/042ab62e70418c15f189b45460709a51faf303cc\"\u003e\u003ccode\u003e042ab62\u003c/code\u003e\u003c/a\u003e Fix serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/db57519421f0c47c9f68c05fa6fc12273dcca2c2\"\u003e\u003ccode\u003edb57519\u003c/code\u003e\u003c/a\u003e Fix a few typos in readme (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/285\"\u003e#285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/4187ca213e91b41acf72be046072f2dc1f06d0de\"\u003e\u003ccode\u003e4187ca2\u003c/code\u003e\u003c/a\u003e readme: add Scout APM to new Sponsors section\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/indutny/bn.js/compare/v4.11.9...v5.2.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.9.0 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.9.0...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.5.3 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776\"\u003e#1776\u003c/a\u003e) - 2954e7e\u003c/li\u003e\n\u003cli\u003eFix compiling of each block params in strict mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855\"\u003e#1855\u003c/a\u003e) - 30dbf04\u003c/li\u003e\n\u003cli\u003eFix rollup warning when importing Handlebars as ESM - 03d387b\u003c/li\u003e\n\u003cli\u003eFix bundler issue with webpack 5 (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862\"\u003e#1862\u003c/a\u003e) - c6c6bbb\u003c/li\u003e\n\u003cli\u003eUse https instead of git for mustache submodule - 88ac068\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.8\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8 - July 27th, 2023\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776\"\u003e#1776\u003c/a\u003e) - 2954e7e\u003c/li\u003e\n\u003cli\u003eFix compiling of each block params in strict mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855\"\u003e#1855\u003c/a\u003e) - 30dbf04\u003c/li\u003e\n\u003cli\u003eFix rollup warning when importing Handlebars as ESM - 03d387b\u003c/li\u003e\n\u003cli\u003eFix bundler issue with webpack 5 (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862\"\u003e#1862\u003c/a\u003e) - c6c6bbb\u003c/li\u003e\n\u003cli\u003eUse https instead of git for mustache submodule - 88ac068\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.8\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.7 - February 15th, 2021\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix weird error in integration tests - eb860c0\u003c/li\u003e\n\u003cli\u003efix: check prototype property access in strict-mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1736\"\u003e#1736\u003c/a\u003e) - b6d3de7\u003c/li\u003e\n\u003cli\u003efix: escape property names in compat mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1736\"\u003e#1736\u003c/a\u003e) - f058970\u003c/li\u003e\n\u003cli\u003erefactor: In spec tests, use expectTemplate over equals and shouldThrow (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1683\"\u003e#1683\u003c/a\u003e) - 77825f8\u003c/li\u003e\n\u003cli\u003echore: start testing on Node.js 12 and 13 - 3789a30\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e(POSSIBLY) BREAKING CHANGES:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ethe changes from version \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md#v460---january-8th-2020\"\u003e4.6.0\u003c/a\u003e now also apply\nin when using the compile-option \u0026quot;strict: true\u0026quot;. Access to prototype properties is forbidden completely by default, specific properties or methods\ncan be allowed via runtime-options. See \u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1633\"\u003e#1633\u003c/a\u003e for details. If you are using Handlebars as documented, you should not be accessing prototype properties\nfrom your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThat is why we only bump the patch version despite mentioning breaking changes.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/wycats/handlebars.js/compare/v4.7.6...v4.7.7\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.6 - April 3rd, 2020\u003c/h2\u003e\n\u003cp\u003eChore/Housekeeping:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/wycats/handlebars.js/issues/1672\"\u003e#1672\u003c/a\u003e - Switch cmd parser to latest minimist (\u003ca href=\"https://api.github.com/users/dougwilson\"\u003e\u003ccode\u003e@​dougwilson\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCompatibility notes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestored Node.js compatibility\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/detail...\n\n_Description has been truncated_","html_url":"https://github.com/Surfndez/next.js/pull/15","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Surfndez%2Fnext.js/issues/15","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15/packages"},{"uuid":"4488195628","node_id":"PR_kwDOSjJwAs7dnUlA","number":2,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-20T16:34:10.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-20T16:26:51.000Z","updated_at":"2026-05-20T16:34:20.000Z","time_to_close":439,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":5,"packages":[{"name":"next","old_version":"16.1.0-canary.19","new_version":"16.2.6","repository_url":"https://github.com/vercel/next.js"},{"name":"postcss","old_version":"8.5.6","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"path-to-regexp","old_version":"0.1.7","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"4.0.3","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"}],"path":null,"ecosystem":"npm"},"body":"[//]: # (dependabot-start)\n⚠️  **Dependabot is rebasing this PR** ⚠️ \n\nRebasing might not happen immediately, so don't worry if this takes some time.\n\nNote: if you make any changes to this PR yourself, they will take precedence over the rebase.\n\n---\n\n[//]: # (dependabot-end)\n\nBumps the npm_and_yarn group with 5 updates in the /site directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [next](https://github.com/vercel/next.js) | `16.1.0-canary.19` | `16.2.6` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.10` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.7` | `8.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n\n\nUpdates `next` from 16.1.0-canary.19 to 16.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev16.2.6\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release contains security fixes and backported bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eSecurity Fixes\u003c/h3\u003e\n\u003cp\u003eThe following advisories have been addressed:\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eHigh:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - \u003cstrong\u003eIncomplete Fix Follow-Up\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eModerate:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eLow:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: preserve HTTP access fallbacks during prerender recovery (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92231\"\u003e#92231\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix fallback route params case in app-page handler (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91737\"\u003e#91737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix invalid HTML response for route-level RSC requests in deployment adapter (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91541\"\u003e#91541\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePatch setHeader for direct route handlers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93101\"\u003e#93101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude deployment id in \u003ccode\u003ecacheHandlers\u003c/code\u003e keys (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93453\"\u003e#93453\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix double-encoding of URL pathname parts in client param parsing (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93491\"\u003e#93491\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev16.2.5\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release contains security fixes and backported bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eSecurity Fixes\u003c/h3\u003e\n\u003cp\u003eThe following advisories have been addressed:\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eHigh:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ee6e79b1792a4d401ddf2480f40a83549fe8e722\"\u003e\u003ccode\u003eee6e79b\u003c/code\u003e\u003c/a\u003e v16.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/afa053d9eb9c2a68c7eba43e84fe6bed8babcd45\"\u003e\u003ccode\u003eafa053d\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/97a154e5bbee0cb1ac3fb8aa4db66ac36e796e3d\"\u003e\u003ccode\u003e97a154e\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/83899bc89103d4df1479e065c7c1e09d4698a7b6\"\u003e\u003ccode\u003e83899bc\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/7b222b90954d607fc28a34e9b360a9b1636bc206\"\u003e\u003ccode\u003e7b222b9\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93595\"\u003e#93595\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/a8dc24f1fe23d4a22d24fac734837f7c824138f7\"\u003e\u003ccode\u003ea8dc24f\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93587\"\u003e#93587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/766148f9cd48c0e218acafcd0f15defc14871bf4\"\u003e\u003ccode\u003e766148f\u003c/code\u003e\u003c/a\u003e v16.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/0dd94836a8b43209fcfefa448c141683c22c1a27\"\u003e\u003ccode\u003e0dd9483\u003c/code\u003e\u003c/a\u003e fix: add explicit checks for RSC header (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/83\"\u003e#83\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/98\"\u003e#98\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/d166096c399c4fc4e09cd2d1bf26dca6579a855d\"\u003e\u003ccode\u003ed166096\u003c/code\u003e\u003c/a\u003e fix proxy matching for segment prefetch URLs (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/89\"\u003e#89\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9d50c0b7190f59c470308578e12882788819f14c\"\u003e\u003ccode\u003e9d50c0b\u003c/code\u003e\u003c/a\u003e Strip next-resume header from incoming requests (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v16.1.0-canary.19...v16.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.6 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.6...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jws` from 3.2.2 to 3.2.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/brianloveswords/node-jws/releases\"\u003ejws's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.3\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require\nthat a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)\nwhen using HMAC algorithms.\u003c/li\u003e\n\u003cli\u003eUpgrading JWA version to 1.4.2, addressing a compatibility issue for Node \u0026gt;= 25.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/auth0/node-jws/blob/master/CHANGELOG.md\"\u003ejws's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.3]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require\nthat a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)\nwhen using HMAC algorithms.\u003c/li\u003e\n\u003cli\u003eUpgrading JWA version to 1.4.2, adressing a compatibility issue for Node \u0026gt;= 25.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.0.0]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBREAKING\u003c/strong\u003e: \u003ccode\u003ejwt.verify\u003c/code\u003e now requires an \u003ccode\u003ealgorithm\u003c/code\u003e parameter, and\n\u003ccode\u003ejws.createVerify\u003c/code\u003e requires an \u003ccode\u003ealgorithm\u003c/code\u003e option. The \u003ccode\u003e\u0026quot;alg\u0026quot;\u003c/code\u003e field\nsignature headers is ignored. This mitigates a critical security flaw\nin the library which would allow an attacker to generate signatures with\narbitrary contents that would be accepted by \u003ccode\u003ejwt.verify\u003c/code\u003e. See\n\u003ca href=\"https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/\"\u003ehttps://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/\u003c/a\u003e\nfor details.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/compare/v1.0.1...v2.0.0\"\u003e2.0.0\u003c/a\u003e - 2015-01-30\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBREAKING\u003c/strong\u003e: Default payload encoding changed from \u003ccode\u003ebinary\u003c/code\u003e to\n\u003ccode\u003eutf8\u003c/code\u003e. \u003ccode\u003eutf8\u003c/code\u003e is a is a more sensible default than \u003ccode\u003ebinary\u003c/code\u003e because\nmany payloads, as far as I can tell, will contain user-facing\nstrings that could be in any language. (\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/commit/6b6de48\"\u003e6b6de48\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCode reorganization, thanks \u003ca href=\"https://github.com/fearphage\"\u003e\u003ccode\u003e@​fearphage\u003c/code\u003e\u003c/a\u003e! (\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/commit/7880050\"\u003e7880050\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOption in all relevant methods for \u003ccode\u003eencoding\u003c/code\u003e. For those few users\nthat might be depending on a \u003ccode\u003ebinary\u003c/code\u003e encoding of the messages, this\nis for them. (\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/commit/6b6de48\"\u003e6b6de48\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/4f6e73f24df42f07d632dec6431ade8eda8d11a6\"\u003e\u003ccode\u003e4f6e73f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/bd0fea57f35a97b6749a632b19ae5100d6d35729\"\u003e\u003ccode\u003ebd0fea5\u003c/code\u003e\u003c/a\u003e version 3.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/7c3b4b411004c206af8901fa3f8e644127bbf8d9\"\u003e\u003ccode\u003e7c3b4b4\u003c/code\u003e\u003c/a\u003e Enhance tests for HMAC streaming sign and verify\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/a9b8ed999de8f8fff486ac9167514577a0fae323\"\u003e\u003ccode\u003ea9b8ed9\u003c/code\u003e\u003c/a\u003e Improve secretOrKey initialization in VerifyStream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/6707fde62cbae465a7f11e52760fb994dbc0e0dc\"\u003e\u003ccode\u003e6707fde\u003c/code\u003e\u003c/a\u003e Improve secret handling in SignStream\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/brianloveswords/node-jws/compare/v3.2.2...v3.2.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~julien.wollscheid\"\u003ejulien.wollscheid\u003c/a\u003e, a new releaser for jws since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 0.1.7 to 8.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.4.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eError on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)  9a78879\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePerformance\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)  937c02d\u003c/li\u003e\n\u003cli\u003eImprove compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)  57247e6\n\u003cul\u003e\n\u003cli\u003eShould improve compilation performance by ~25%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)  5844988\n\u003cul\u003e\n\u003cli\u003eShould improve parse performance by ~20%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBundle size\u003c/strong\u003e to 1.93 kB, from 1.97 kB.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)  6bc8e84\n\u003cul\u003e\n\u003cli\u003eUsing a trie required non-greedy matching, which regressed wildcards in non-ending mode by matching them up until the first match. For example:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e/*foo\u003c/code\u003e with \u003ccode\u003e/a/b\u003c/code\u003e = \u003ccode\u003e/a\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e/*foo.html\u003c/code\u003ewith \u003ccode\u003e/a/b.html/c.html\u003c/code\u003e = \u003ccode\u003e/a/b.html\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAllow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)  5bcd30b\n\u003cul\u003e\n\u003cli\u003eWhen backtracking was introduced, it rejected matching things like \u003ccode\u003e/:\u0026quot;a\u0026quot;_:\u0026quot;b\u0026quot;\u003c/code\u003e against \u003ccode\u003e/foo__\u003c/code\u003e. This makes intuitive sense because the second parameter is not going to backtrack on \u003ccode\u003e_\u003c/code\u003e anymore, but it's somewhat unexpected since there's no reason it shouldn't match the second \u003ccode\u003e_\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eImportant\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4926\"\u003eCVE-2026-4926\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-j3q9-mxjg-w52f\"\u003eGHSA-j3q9-mxjg-w52f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4923\"\u003eCVE-2026-4923\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-27v5-c462-wpq7\"\u003eGHSA-27v5-c462-wpq7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestricts wildcard backtracking when using more than 1 in a path (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/421\"\u003epillarjs/path-to-regexp#421\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eChanged\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDedupes regex prefixes (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/422\"\u003epillarjs/path-to-regexp#422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis will result in shorter regular expressions for some cases using optional groups\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRejects large optional route combinations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/424\"\u003epillarjs/path-to-regexp#424\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eWhen using groups such as \u003ccode\u003e/users{/delete}\u003c/code\u003e it will restrict the number of generated combinations to \u0026lt; 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/blob/master/History.md\"\u003epath-to-regexp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eMoved to \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003eGitHub Releases\u003c/a\u003e\u003c/h1\u003e\n\u003ch2\u003e3.0.0 / 2019-01-13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAlways use prefix character as delimiter token, allowing any character to be a delimiter (e.g. \u003ccode\u003e/:att1-:att2-:att3-:att4-:att5\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003epartial\u003c/code\u003e support, prefer escaping the prefix delimiter explicitly (e.g. \u003ccode\u003e\\\\/(apple-)?icon-:res(\\\\d+).png\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.4.0 / 2018-08-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003estart\u003c/code\u003e option to disable anchoring from beginning of the string\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.0 / 2018-08-20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003edelimiter\u003c/code\u003e when processing repeated matching groups (e.g. \u003ccode\u003efoo/bar\u003c/code\u003e has no prefix, but has a delimiter)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.1 / 2018-04-24\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow empty string with \u003ccode\u003eend: false\u003c/code\u003e to match both relative and absolute paths\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.0 / 2018-03-06\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass \u003ccode\u003etoken\u003c/code\u003e as second argument to \u003ccode\u003eencode\u003c/code\u003e option (e.g. \u003ccode\u003eencode(value, token)\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.1.0 / 2017-10-20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle non-ending paths where the final character is a delimiter\n\u003cul\u003e\n\u003cli\u003eE.g. \u003ccode\u003e/foo/\u003c/code\u003e before required either \u003ccode\u003e/foo/\u003c/code\u003e or \u003ccode\u003e/foo//\u003c/code\u003e to match in non-ending mode\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.0.0 / 2017-08-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew option! Ability to set \u003ccode\u003eendsWith\u003c/code\u003e to match paths like \u003ccode\u003e/test?query=string\u003c/code\u003e up to the query string\u003c/li\u003e\n\u003cli\u003eNew option! Set \u003ccode\u003edelimiters\u003c/code\u003e for specific characters to be treated as parameter prefixes (e.g. \u003ccode\u003e/:test\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003eisarray\u003c/code\u003e dependency\u003c/li\u003e\n\u003cli\u003eExplicitly handle trailing delimiters instead of trimming them (e.g. \u003ccode\u003e/test/\u003c/code\u003e is now treated as \u003ccode\u003e/test/\u003c/code\u003e instead of \u003ccode\u003e/test\u003c/code\u003e when matching)\u003c/li\u003e\n\u003cli\u003eRemove overloaded \u003ccode\u003ekeys\u003c/code\u003e argument that accepted \u003ccode\u003eoptions\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003ekeys\u003c/code\u003e list attached to the \u003ccode\u003eRegExp\u003c/code\u003e output\u003c/li\u003e\n\u003cli\u003eRemove asterisk functionality (it's a real pain to properly encode)\u003c/li\u003e\n\u003cli\u003eChange \u003ccode\u003etokensToFunction\u003c/code\u003e (e.g. \u003ccode\u003ecompile\u003c/code\u003e) to accept an \u003ccode\u003eencode\u003c/code\u003e function for pretty encoding (e.g. pass your own implementation)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.7.0 / 2016-11-08\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow a \u003ccode\u003edelimiter\u003c/code\u003e option to be passed in with \u003ccode\u003etokensToRegExp\u003c/code\u003e which will be used for \u0026quot;non-ending\u0026quot; token match situations\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.6.0 / 2016-10-03\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePopulate \u003ccode\u003eRegExp.keys\u003c/code\u003e when using the \u003ccode\u003etokensToRegExp\u003c/code\u003e method (making it consistent with the main export)\u003c/li\u003e\n\u003cli\u003eAllow a \u003ccode\u003edelimiter\u003c/code\u003e option to be passed in with \u003ccode\u003eparse\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdated TypeScript definition with \u003ccode\u003eKeys\u003c/code\u003e and \u003ccode\u003eOptions\u003c/code\u003e updated\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.5.3 / 2016-06-15\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/cbf30259e6d34d6135f9e7dbaa3371e7188f9936\"\u003e\u003ccode\u003ecbf3025\u003c/code\u003e\u003c/a\u003e 8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/937c02df571aef02832610100859efab21995320\"\u003e\u003ccode\u003e937c02d\u003c/code\u003e\u003c/a\u003e Minimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/57247e63fd061aa17b9f75c87712c680b223ee04\"\u003e\u003ccode\u003e57247e6\u003c/code\u003e\u003c/a\u003e Improve compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/58449883539022c9ac36ea3e9abb0fc7b9d84223\"\u003e\u003ccode\u003e5844988\u003c/code\u003e\u003c/a\u003e Remove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9a788793e7eeb0ccf9c53c1cb54d297b5badfcc3\"\u003e\u003ccode\u003e9a78879\u003c/code\u003e\u003c/a\u003e Error on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7f058760ae0867fdd75e5ed07d7096f782c1f752\"\u003e\u003ccode\u003e7f05876\u003c/code\u003e\u003c/a\u003e 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/6bc8e84677caa52de6db7b2b17a6729ec155b070\"\u003e\u003ccode\u003e6bc8e84\u003c/code\u003e\u003c/a\u003e Remove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/5bcd30b790fecfd4798521af28a57214996c4139\"\u003e\u003ccode\u003e5bcd30b\u003c/code\u003e\u003c/a\u003e Allow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9f9c6c501f6d015db3df224d2479475d59cac0a5\"\u003e\u003ccode\u003e9f9c6c5\u003c/code\u003e\u003c/a\u003e Add parsing to benchmarks (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd31e0cde4f35b5f15f1676eabe3484618038ad\"\u003e\u003ccode\u003e9fd31e0\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003etrailing: false\u003c/code\u003e tests (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/428\"\u003e#428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.7...v8.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.3 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/DeterminateSystems/async-stripe/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/DeterminateSystems/async-stripe/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/DeterminateSystems%2Fasync-stripe/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"},{"uuid":"4486547991","node_id":"PR_kwDODpAV6c7dh803","number":1,"state":"closed","title":"Bump the npm_and_yarn group across 1 directory with 10 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-25T05:29:07.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-20T12:48:12.000Z","updated_at":"2026-05-25T05:29:09.000Z","time_to_close":405655,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":10,"packages":[{"name":"next","old_version":"9.2.1","new_version":"15.5.18","repository_url":"https://github.com/vercel/next.js"},{"name":"ajv","old_version":"6.10.2","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"js-yaml","old_version":"3.13.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"minimatch","old_version":"3.0.4","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"protobufjs","old_version":"6.8.8","new_version":"6.11.6","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"yaml","old_version":"1.7.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 8 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [next](https://github.com/vercel/next.js) | `9.2.1` | `15.5.18` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.10.2` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.13.1` | `3.14.2` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `6.8.8` | `6.11.6` |\n| [yaml](https://github.com/eemeli/yaml) | `1.7.2` | `1.10.3` |\n\n\nUpdates `next` from 9.2.1 to 15.5.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.18\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.16\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev15.5.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9ff92cebcaa6ba4e7463b6fd037a8510ba9b81ec\"\u003e\u003ccode\u003e9ff92ce\u003c/code\u003e\u003c/a\u003e v15.5.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/00ebe23562bd7eb32dd78730984bfadb47138bcf\"\u003e\u003ccode\u003e00ebe23\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/62c97ab0b5825e2cbc15f6b682d8286a8dd6a038\"\u003e\u003ccode\u003e62c97ab\u003c/code\u003e\u003c/a\u003e v15.5.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/423623ae38c106273085b66946ee5bf9aab77f2c\"\u003e\u003ccode\u003e423623a\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fa787399b38d9aa702118f9bd23a8315b9f0ecc6\"\u003e\u003ccode\u003efa78739\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36e62c6eb7813e42d409eb487f93b829f4ad77e8\"\u003e\u003ccode\u003e36e62c6\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93588\"\u003e#93588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36589b5db512b7704cdadd873cbe49b6dbcc9261\"\u003e\u003ccode\u003e36589b5\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93596\"\u003e#93596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ad6fd4e50e5aba20b60d283c42b89273a3167ccd\"\u003e\u003ccode\u003ead6fd4e\u003c/code\u003e\u003c/a\u003e v15.5.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/79d7dff1448483f0c8f187f98887b31019f6e494\"\u003e\u003ccode\u003e79d7dff\u003c/code\u003e\u003c/a\u003e Ignore malformed CSP nonce headers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/c4f69086cc8dcbd81b1dbc321c98ea874d90d6f8\"\u003e\u003ccode\u003ec4f6908\u003c/code\u003e\u003c/a\u003e router-server: guard upgrade proxy against absolute-url SSRF (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/77\"\u003e#77\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v9.2.1...v15.5.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.10.2 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.12.6\u003c/h2\u003e\n\u003cp\u003eFix performance issue of \u0026quot;url\u0026quot; format.\u003c/p\u003e\n\u003ch2\u003ev6.12.5\u003c/h2\u003e\n\u003cp\u003eFix uri scheme validation (\u003ca href=\"https://github.com/ChALkeR\"\u003e\u003ccode\u003e@​ChALkeR\u003c/code\u003e\u003c/a\u003e).\nFix boolean schemas with strictKeywords option (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1270\"\u003e#1270\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003ev6.12.4\u003c/h2\u003e\n\u003cp\u003eFix: coercion of one-item arrays to scalar that should fail validation (\u003ca href=\"https://runkit.com/esp/5f3672ba2f6642001ae27411\"\u003efailing example\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003ev6.12.3\u003c/h2\u003e\n\u003cp\u003ePass schema object to processCode function\nOption for strictNumbers (\u003ca href=\"https://github.com/issacgerges\"\u003e\u003ccode\u003e@​issacgerges\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1128\"\u003e#1128\u003c/a\u003e)\nFixed vulnerability related to untrusted schemas (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2020-15366\"\u003eCVE-2020-15366\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003ev6.12.2\u003c/h2\u003e\n\u003cp\u003eRemoved post-install script\u003c/p\u003e\n\u003ch2\u003ev6.12.1\u003c/h2\u003e\n\u003cp\u003eDocs and dependency updates\u003c/p\u003e\n\u003ch2\u003ev6.12.0\u003c/h2\u003e\n\u003cp\u003eImproved hostname validation (\u003ca href=\"https://github.com/sambauers\"\u003e\u003ccode\u003e@​sambauers\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1143\"\u003e#1143\u003c/a\u003e)\nOption \u003ccode\u003ekeywords\u003c/code\u003e to add custom keywords (\u003ca href=\"https://github.com/franciscomorais\"\u003e\u003ccode\u003e@​franciscomorais\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1137\"\u003e#1137\u003c/a\u003e)\nTypes fixes (\u003ca href=\"https://github.com/boenrobot\"\u003e\u003ccode\u003e@​boenrobot\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/MattiAstedrone\"\u003e\u003ccode\u003e@​MattiAstedrone\u003c/code\u003e\u003c/a\u003e)\nDocs:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/epoberezkin/ajv#error-logging\"\u003eerror logging\u003c/a\u003e example (\u003ca href=\"https://github.com/RadiationSickness\"\u003e\u003ccode\u003e@​RadiationSickness\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTypeScript usage notes (\u003ca href=\"https://github.com/thetric\"\u003e\u003ccode\u003e@​thetric\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.11.0\u003c/h2\u003e\n\u003cp\u003eTime formats support two digit and colon-less variants of timezone offset (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1061\"\u003e#1061\u003c/a\u003e , \u003ca href=\"https://github.com/cjpillsbury\"\u003e\u003ccode\u003e@​cjpillsbury\u003c/code\u003e\u003c/a\u003e)\nDocs: RegExp related security considerations\nTests: Disabled failing typescript test\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec\"\u003e\u003ccode\u003e184bc32\u003c/code\u003e\u003c/a\u003e 6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379\"\u003e\u003ccode\u003efea46af\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2606\"\u003e#2606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf\"\u003e\u003ccode\u003e72f2286\u003c/code\u003e\u003c/a\u003e docs: update v7 info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a\"\u003e\u003ccode\u003e231e52b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1320\"\u003e#1320\u003c/a\u003e from philsturgeon/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd\"\u003e\u003ccode\u003ed3475fc\u003c/code\u003e\u003c/a\u003e Add spectral, an AJV util from a sponsor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544\"\u003e\u003ccode\u003e413afe0\u003c/code\u003e\u003c/a\u003e docs: v7.0.0-beta.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d\"\u003e\u003ccode\u003e11e997b\u003c/code\u003e\u003c/a\u003e update readme for v7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fe591439f34e24030f69df9eb8d91e6d037a3af7\"\u003e\u003ccode\u003efe59143\u003c/code\u003e\u003c/a\u003e 6.12.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.10.2...v6.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ccb8ac6d4292b7661b677fe048ba6690c877f51f\"\u003e\u003ccode\u003eccb8ac6\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c3c73c8b088defc70851843be88ccc3af08e7217\"\u003e\u003ccode\u003ec3c73c8\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 3.13.1 to 3.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/37caaad57dc37d350d9a4577a5da53f482bb2983\"\u003e\u003ccode\u003e37caaad\u003c/code\u003e\u003c/a\u003e 3.14.1 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/094c0f7a79e6ff9e2b4d50b22686d2586894b58f\"\u003e\u003ccode\u003e094c0f7\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9586ebe23298427d26b3479979bd6499bf3a14c2\"\u003e\u003ccode\u003e9586ebe\u003c/code\u003e\u003c/a\u003e Avoid calling hasOwnProperty of user-controlled objects\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/34e5072f43fd36b08aaaad433da73c10d47c41e5\"\u003e\u003ccode\u003e34e5072\u003c/code\u003e\u003c/a\u003e 3.14.0 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/7b25c83a6dc77097c2bf14bf714e168f60ee199b\"\u003e\u003ccode\u003e7b25c83\u003c/code\u003e\u003c/a\u003e Browser files rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/6f7347396867b8dcfc042722c2aae810dfe4caae\"\u003e\u003ccode\u003e6f73473\u003c/code\u003e\u003c/a\u003e Dev deps bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/0c293491d903cddcd41b41c165bc45eeb9a8d720\"\u003e\u003ccode\u003e0c29349\u003c/code\u003e\u003c/a\u003e Travis-CI: drop old nodejs versions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.13.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jws` from 3.2.2 to 3.2.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/brianloveswords/node-jws/releases\"\u003ejws's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.3\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require\nthat a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)\nwhen using HMAC algorithms.\u003c/li\u003e\n\u003cli\u003eUpgrading JWA version to 1.4.2, addressing a compatibility issue for Node \u0026gt;= 25.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/auth0/node-jws/blob/master/CHANGELOG.md\"\u003ejws's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.3]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require\nthat a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)\nwhen using HMAC algorithms.\u003c/li\u003e\n\u003cli\u003eUpgrading JWA version to 1.4.2, adressing a compatibility issue for Node \u0026gt;= 25.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.0.0]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBREAKING\u003c/strong\u003e: \u003ccode\u003ejwt.verify\u003c/code\u003e now requires an \u003ccode\u003ealgorithm\u003c/code\u003e parameter, and\n\u003ccode\u003ejws.createVerify\u003c/code\u003e requires an \u003ccode\u003ealgorithm\u003c/code\u003e option. The \u003ccode\u003e\u0026quot;alg\u0026quot;\u003c/code\u003e field\nsignature headers is ignored. This mitigates a critical security flaw\nin the library which would allow an attacker to generate signatures with\narbitrary contents that would be accepted by \u003ccode\u003ejwt.verify\u003c/code\u003e. See\n\u003ca href=\"https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/\"\u003ehttps://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/\u003c/a\u003e\nfor details.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/compare/v1.0.1...v2.0.0\"\u003e2.0.0\u003c/a\u003e - 2015-01-30\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBREAKING\u003c/strong\u003e: Default payload encoding changed from \u003ccode\u003ebinary\u003c/code\u003e to\n\u003ccode\u003eutf8\u003c/code\u003e. \u003ccode\u003eutf8\u003c/code\u003e is a is a more sensible default than \u003ccode\u003ebinary\u003c/code\u003e because\nmany payloads, as far as I can tell, will contain user-facing\nstrings that could be in any language. (\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/commit/6b6de48\"\u003e6b6de48\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCode reorganization, thanks \u003ca href=\"https://github.com/fearphage\"\u003e\u003ccode\u003e@​fearphage\u003c/code\u003e\u003c/a\u003e! (\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/commit/7880050\"\u003e7880050\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOption in all relevant methods for \u003ccode\u003eencoding\u003c/code\u003e. For those few users\nthat might be depending on a \u003ccode\u003ebinary\u003c/code\u003e encoding of the messages, this\nis for them. (\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/commit/6b6de48\"\u003e6b6de48\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/4f6e73f24df42f07d632dec6431ade8eda8d11a6\"\u003e\u003ccode\u003e4f6e73f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/bd0fea57f35a97b6749a632b19ae5100d6d35729\"\u003e\u003ccode\u003ebd0fea5\u003c/code\u003e\u003c/a\u003e version 3.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/7c3b4b411004c206af8901fa3f8e644127bbf8d9\"\u003e\u003ccode\u003e7c3b4b4\u003c/code\u003e\u003c/a\u003e Enhance tests for HMAC streaming sign and verify\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/a9b8ed999de8f8fff486ac9167514577a0fae323\"\u003e\u003ccode\u003ea9b8ed9\u003c/code\u003e\u003c/a\u003e Improve secretOrKey initialization in VerifyStream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/6707fde62cbae465a7f11e52760fb994dbc0e0dc\"\u003e\u003ccode\u003e6707fde\u003c/code\u003e\u003c/a\u003e Improve secret handling in SignStream\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/brianloveswords/node-jws/compare/v3.2.2...v3.2.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~julien.wollscheid\"\u003ejulien.wollscheid\u003c/a\u003e, a new releaser for jws since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.0.4 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.1.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.3.1\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes bug when a pattern containing an expression after the closing parenthesis (\u003ccode\u003e/!(*.d).{ts,tsx}\u003c/code\u003e) was incorrectly converted to regexp (\u003ca href=\"https://github.com/micromatch/picomatch/commit/9f241ef\"\u003e9f241ef\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSome documentation improvements (\u003ca href=\"https://github.com/micromatch/picomatch/commit/f81d236\"\u003ef81d236\u003c/a\u003e, \u003ca href=\"https://github.com/micromatch/picomatch/commit/421e0e7\"\u003e421e0e7\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not skip pattern seperator for square brackets (\u003ca href=\"https://github.com/micromatch/picomatch/commit/fb08a30\"\u003efb08a30\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eSet negatedExtGlob also if it does not span the whole pattern (\u003ca href=\"https://github.com/micromatch/picomatch/commit/032e3f5\"\u003e032e3f5\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.2\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5467a5a9638472610de4f30709991b9a56bb5613\"\u003e\u003ccode\u003e5467a5a\u003c/code\u003e\u003c/a\u003e 2.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9f241efedc15a21bcec1edafd43ee773ceb4bc35\"\u003e\u003ccode\u003e9f241ef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/102\"\u003e#102\u003c/a\u003e from micromatch/ISSUE-93_incorrect_extglob_expanding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/ac3cb660ca76764627aa825676df59378dd60bcd\"\u003e\u003ccode\u003eac3cb66\u003c/code\u003e\u003c/a\u003e fix: support stars in negation extglobs with expression after closing parenth...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/719d348d8a01cf23c6c10568191c1ad5a3fc33e3\"\u003e\u003ccode\u003e719d348\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/85\"\u003e#85\u003c/a\u003e from XhmikosR/codeql\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/ac74e57b38a0d16de8e1752a62003e49c1622cec\"\u003e\u003ccode\u003eac74e57\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/91\"\u003e#91\u003c/a\u003e from XhmikosR/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.1.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~danez\"\u003edanez\u003c/a\u003e, a new releaser for picomatch since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 7.0.21 to 8.4.31\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.4.31\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003e\\r\u003c/code\u003e parsing to fix CVE-2023-44270.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.30\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map performance (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.29\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eNode#source.offset\u003c/code\u003e (by \u003ca href=\"https://github.com/idoros\"\u003e\u003ccode\u003e@​idoros\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/coliff\"\u003e\u003ccode\u003e@​coliff\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.28\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eRoot.source.end\u003c/code\u003e for better source map (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eResult.root\u003c/code\u003e types when \u003ccode\u003eprocess()\u003c/code\u003e has no parser.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.27\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainer\u003c/code\u003e clone methods types.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed clone methods types.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.25\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove stringify performance (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/vikaskaliramna07\"\u003e\u003ccode\u003e@​vikaskaliramna07\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.24\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003ePlugin\u003c/code\u003e types.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed warnings in TypeDoc.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.22\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed TypeScript support with \u003ccode\u003enode16\u003c/code\u003e (by \u003ca href=\"https://github.com/remcohaszing\"\u003e\u003ccode\u003e@​remcohaszing\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.21\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eInput#error\u003c/code\u003e types (by \u003ca href=\"https://github.com/hudochenkov\"\u003e\u003ccode\u003e@​hudochenkov\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed source map generation for childless at-rules like \u003ccode\u003e@layer\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed whitespace preserving after AST transformations (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.18\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an error on \u003ccode\u003eabsolute: true\u003c/code\u003e with empty \u003ccode\u003esourceContent\u003c/code\u003e (by \u003ca href=\"https://github.com/KingSora\"\u003e\u003ccode\u003e@​KingSora\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.17\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eNode.before()\u003c/code\u003e unexpected behavior (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdded TOC to docs (by \u003ca href=\"https://github.com/muddv\"\u003e\u003ccode\u003e@​muddv\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.16\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.4.31\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003e\\r\u003c/code\u003e parsing to fix CVE-2023-44270.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.30\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map performance (by Romain Menke).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.29\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eNode#source.offset\u003c/code\u003e (by Ido Rosenthal).\u003c/li\u003e\n\u003cli\u003eFixed docs (by Christian Oliff).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.28\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eRoot.source.end\u003c/code\u003e for better source map (by Romain Menke).\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eResult.root\u003c/code\u003e types when \u003ccode\u003eprocess()\u003c/code\u003e has no parser.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.27\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainer\u003c/code\u003e clone methods types.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed clone methods types.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.25\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove stringify performance (by Romain Menke).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/vikaskaliramna07\"\u003e\u003ccode\u003e@​vikaskaliramna07\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.24\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003ePlugin\u003c/code\u003e types.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed warnings in TypeDoc.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.22\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed TypeScript support with \u003ccode\u003enode16\u003c/code\u003e (by Remco Haszing).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.21\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eInput#error\u003c/code\u003e types (by Aleks Hudochenkov).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed source map generation for childless at-rules like \u003ccode\u003e@layer\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/90208de8805dd762596c0028b8637ffbed23e371\"\u003e\u003ccode\u003e90208de\u003c/code\u003e\u003c/a\u003e Release 8.4.31 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5\"\u003e\u003ccode\u003e58cc860\u003c/code\u003e\u003c/a\u003e Fix carrier return parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/4fff8e4cdc237619df1d73a444c0a8329701c1e2\"\u003e\u003ccode\u003e4fff8e4\u003c/code\u003e\u003c/a\u003e Improve pnpm test output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/cd43ed123274a92ebc13a1e8cccf1d65b8198f84\"\u003e\u003ccode\u003ecd43ed1\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/caa916bdcbf66c51321574e2dde112ab13e8b306\"\u003e\u003ccode\u003ecaa916b\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/8972f76923e921a3c9655822382039b31b1c8e1a\"\u003e\u003ccode\u003e8972f76\u003c/code\u003e\u003c/a\u003e Typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/11a5286f781d2a637f2c545c5e9cd661055acaab\"\u003e\u003ccode\u003e11a5286\u003c/code\u003e\u003c/a\u003e Typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/45c55017776fc61f7815d1ea8e92d5291ca5d6c8\"\u003e\u003ccode\u003e45c5501\u003c/code\u003e\u003c/a\u003e Release 8.4.30 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/bc3c341f589f9c15f1b56838a33d908374e537e0\"\u003e\u003ccode\u003ebc3c341\u003c/code\u003e\u003c/a\u003e Update linter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2be58a2eb788d12474ee1335f8ecdb9fa6225aa\"\u003e\u003ccode\u003eb2be58a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/1881\"\u003e#1881\u003c/a\u003e from romainmenke/improve-sourcemap-performance--phil...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/7.0.21...8.4.31\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 6.8.8 to 6.11.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v8.3.0...protobufjs-v8.4.0\"\u003e8.4.0\u003c/a\u003e (2026-05-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport BigInt conversions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2257\"\u003e#2257\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/36873e69285251a7b6db8d14c8858fc31ef521d8\"\u003e36873e6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v8.2.1...protobufjs-v8.3.0\"\u003e8.3.0\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove generated typings (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2244\"\u003e#2244\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/faa424e3837fe43f1f010b0ccdeb583d808a57cf\"\u003efaa424e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v8.2.0...protobufjs-v8.2.1\"\u003e8.2.1\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsolidate depth limit checks (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2246\"\u003e#2246\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/9050289ad214ea351d3b030cbc74385e81e02d79\"\u003e9050289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve explicit enum zero if not the default (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2249\"\u003e#2249\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/9621b35eb1f6bbecf098f8f5ba59e8d02eca7524\"\u003e9621b35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSlightly optimize generated code (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2242\"\u003e#2242\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/c41160cda6a5f65b0960b194e7f32dd7e7d5ed49\"\u003ec41160c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v8.0.3...protobufjs-v8.2.0\"\u003e8.2.0\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd finishInto() for zero-copy serialization into existing buffers (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2196\"\u003e#2196\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/657d6f1328fa9bb55c5be2b8055e68f8da4da98b\"\u003e657d6f1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd textformat extension (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2233\"\u003e#2233\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4639e2960789f4cc58af1908934caaf14c1fadbc\"\u003e4639e29\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e Add optional protoc-gen-pbjs plugin (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2231\"\u003e#2231\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/c9b6a2d2a6f81dd78812a6ce177fa7a5f9de885d\"\u003ec9b6a2d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e Align json-module with static-module output (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2227\"\u003e#2227\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a015091a5862bdae9eb213b6554ab7e5b36187cb\"\u003ea015091\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRoundtrip unknown fields (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2209\"\u003e#2209\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/76fa03c252542b607e4c81a4fe4db12aa1f948af\"\u003e76fa03c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAccept URL-safe base64 input (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2207\"\u003e#2207\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/57a3821de0d2ffdac06973be49554dea0332bb7f\"\u003e57a3821\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAlso resolve common definitions by file name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2218\"\u003e#2218\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e533950dbdc1a5e31ca3611e711a9042019c18c3\"\u003ee533950\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eApply oneof last-value wins during decode (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2193\"\u003e#2193\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cf35cdc23237c06e7de603fa8fe36e47b7c037e0\"\u003ecf35cdc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eConsistently handle scalar map keys (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2186\"\u003e#2186\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/29b11834520bc4ab0bb377933e4efefbf95f93b2\"\u003e29b1183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eConsistently reject truncated strings (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2205\"\u003e#2205\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/689e911efa3b7e81ea20f29ae2cd725566891c6a\"\u003e689e911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrect parsedOptions TypeScript types (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2217\"\u003e#2217\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/dbe8d7775a46bebaf644461dce586fa29be242f6\"\u003edbe8d77\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDecode bool values from full varints (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2192\"\u003e#2192\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/7b8d5c111a5e517be219872fb36f4dcfe2b6d371\"\u003e7b8d5c1\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/869caf6a071d4412fc0dcee2f7ae25aa5d7b0474\"\u003e\u003ccode\u003e869caf6\u003c/code\u003e\u003c/a\u003e chore: rebuild and release 6.11.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/086916b4a52c9f73ce88956edbb38fc902e54bbf\"\u003e\u003ccode\u003e086916b\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2221\"\u003e#2221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/70544eed42e9c58fb70deedc5454ce1b1b61dbaf\"\u003e\u003ccode\u003e70544ee\u003c/code\u003e\u003c/a\u003e fix: rebuild and release 6.11.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/69464f77fa30704897bccce1be2b1f3cda034707\"\u003e\u003ccode\u003e69464f7\u003c/code\u003e\u003c/a\u003e build: release 6.11.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/d37819eea1e9d225727aeeb96c03d3ea2ac12982\"\u003e\u003ccode\u003ed37819e\u003c/code\u003e\u003c/a\u003e build: rebuild bundles and regen lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/315ba51a7ea8d13cf5ebb029e57759c4b24ef346\"\u003e\u003ccode\u003e315ba51\u003c/code\u003e\u003c/a\u003e fix: do not let setProperty change the prototype (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/1899\"\u003e#1899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/83679692b34ffe373bdb2ffa685a6d8f5753a642\"\u003e\u003ccode\u003e8367969\u003c/code\u003e\u003c/a\u003e fix(deps): patch minimatch vulnerability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b130dfd4f06b642d4b7c3ccc9f3f9fb6a6e6ed0d\"\u003e\u003ccode\u003eb130dfd\u003c/code\u003e\u003c/a\u003e chore(6.x): release 6.11.3 (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/1737\"\u003e#1737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/c2c17ae66810378fbad616964d80894794f1dad1\"\u003e\u003ccode\u003ec2c17ae\u003c/code\u003e\u003c/a\u003e build: publish to main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b2c6a5c76eccd4bbe445d13e3a04b949f344dd63\"\u003e\u003ccode\u003eb2c6a5c\u003c/code\u003e\u003c/a\u003e build: run tests if ci label added (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/1734\"\u003e#1734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/6.8.8...v6.11.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~fenster\"\u003efenster\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 1.7.2 to 1.10.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eemeli/yaml/releases\"\u003eyaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.10.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eprettier/prettier#10510\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.10.1\u003c/h2\u003e\n\u003cp\u003eThis release backports the following non-breaking fixes made during the work on \u003ccode\u003eyaml@2\u003c/code\u003e on top of \u003ccode\u003eyaml@1.10.0\u003c/code\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for\u003ccode\u003e __proto__\u003c/code\u003e as mapping key \u0026amp; anchor identifier (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/192\"\u003e#192\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix broken TS type for BigInt toggle\u003c/li\u003e\n\u003cli\u003eDump long keys properly (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/195\"\u003e#195\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen folding highly indented lines, require at least \u003ccode\u003eminContentWidth\u003c/code\u003e chars on the first line (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/196\"\u003e#196\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eYAML.stringify()\u003c/code\u003e for certain null values (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/197\"\u003e#197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not break escaped chars with escaped newlines (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/237\"\u003e#237\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/awslabs/cdk8s/issues/8\"\u003eawslabs/cdk8s8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet \u003ccode\u003etype: \u0026quot;module\u0026quot;\u003c/code\u003e within browser/dist/ (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/208\"\u003e#208\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse CommonJS for the browser endpoints \u003ccode\u003eyaml/types\u003c/code\u003e \u0026amp; \u003ccode\u003eyaml/util\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/208\"\u003e#208\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAlways stringify non-Node object keys using explicit notation (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/218\"\u003e#218\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSpecify node type of \u003ccode\u003eDocument.Parsed.contents\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/221\"\u003e#221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd missing type for CST \u003ccode\u003eNode.rangeAsLinePos\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/222\"\u003e#222\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrefer literal over folded block scalar when \u003ccode\u003elineWidth=0\u003c/code\u003e is set (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow for empty lines after node props (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/242\"\u003e#242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate dev dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.10.0\u003c/h2\u003e\n\u003cp\u003eThis will probably be the last minor release of \u003ccode\u003eyaml@1\u003c/code\u003e. I'm aiming to release \u003ca href=\"https://github.com/eemeli/yaml/milestone/1\"\u003e\u003ccode\u003eyaml@2\u003c/code\u003e\u003c/a\u003e within a few months; prereleases of that will be published using the \u003ccode\u003enext\u003c/code\u003e dist-tag on npm. Patch releases for 1.10 may still happen, if necessary.\u003c/p\u003e\n\u003ch3\u003eNew Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse Rollup for Node.js \u0026amp; browser builds (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/165\"\u003e#165\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis removes most of the internal \u003ccode\u003edist/\u003c/code\u003e paths from the release. If you want/need to use a class or function that is no longer public, please file an issue and we can add it to the exports.\u003c/li\u003e\n\u003cli\u003eDrop dependency on \u003ccode\u003e@babel/runtime\u003c/code\u003e. After this, the package has 0 runtime dependencies. 🎉\u003c/li\u003e\n\u003cli\u003eAdd exports \u003ccode\u003e{ Alias, Collection, Merge, Node }\u003c/code\u003e to 'yaml/types'\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003eSchema.createPair()\u003c/code\u003e \u0026amp; make its \u003ccode\u003ectx\u003c/code\u003e arg optional (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAlways indent top-level scalars with lines starting with document markers or % directives (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/162\"\u003e#162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse double-space when forcing top-level block scalar indent, for clarity (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/162\"\u003e#162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003egetNodes(): string[]\u003c/code\u003e method to Anchors (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefactor Jest config, adding tests for compiled \u003ccode\u003edist/\u003c/code\u003e endpoints\u003c/li\u003e\n\u003cli\u003eRename \u0026amp; refactor source files. This should have no effect on the results, but lots of stuff moved around\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImproved Errors \u0026amp; Warnings\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow more helpful error when setting Pair.commentBefore incorrectly (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBetter errors for bad indents (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop incorrect error for flow mapping keys with length \u0026gt; 1024 chars\u003c/li\u003e\n\u003cli\u003eAdd errors for plain scalars that start with reserved indicators\u003c/li\u003e\n\u003cli\u003eAdd more explicit errors for block scalar values with bad indents\u003c/li\u003e\n\u003cli\u003eEnable log prints during \u003ccode\u003enpm start\u003c/code\u003e debugging\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImproved TypeScript declarations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix/simplify export mapping of 'yaml/types' and 'yaml/util'\u003c/li\u003e\n\u003cli\u003eFix types, dropping \u003ccode\u003eAST.{AstNode,ScalarNode,CollectionNode}\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd missing \u003ccode\u003etoString()\u003c/code\u003e methods to AST nodes (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/159\"\u003e#159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd directivesEndMarker to Document type (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/cfe8f0437054ff5fbfe6499894f55b3316a54959\"\u003e\u003ccode\u003ecfe8f04\u003c/code\u003e\u003c/a\u003e 1.10.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/7abcf45dd63f0bc626890ad9a8cdeb397f92be73\"\u003e\u003ccode\u003e7abcf45\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during CST composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a0252f8b056f49875d1b79edb8709cff7d7d0dc6\"\u003e\u003ccode\u003ea0252f8\u003c/code\u003e\u003c/a\u003e chore: Add rules avoiding processing of tests/json-test-suite\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a5e83b05f7124c31b4784b613f0c669959a5ed48\"\u003e\u003ccode\u003ea5e83b0\u003c/code\u003e\u003c/a\u003e style: Apply updates Prettier rules\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/b8ddca0a5d4794a3c60f252d3513e6ff7068fdf0\"\u003e\u003ccode\u003eb8ddca0\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/395f892ec9a26b9038c8db388b675c3281ab8cd3\"\u003e\u003ccode\u003e395f892\u003c/code\u003e\u003c/a\u003e ci: Use a different (working) submodule checkout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6fd272052751775e48196024d4bed639cc1e0350\"\u003e\u003ccode\u003e6fd2720\u003c/code\u003e\u003c/a\u003e test-events: Add {} and [] indicators to flow maps \u0026amp; sequences\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/4cdcde632ece71155f3108ec0120c1a0329a6914\"\u003e\u003ccode\u003e4cdcde6\u003c/code\u003e\u003c/a\u003e 1.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/7c0e08316d82f167ac0a054428627f6e1f20ac6e\"\u003e\u003ccode\u003e7c0e083\u003c/code\u003e\u003c/a\u003e Allow for unindented comment after node props (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/242\"\u003e#242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/8ef015788b219a4b249736f4bb8968dafe68dcc4\"\u003e\u003ccode\u003e8ef0157\u003c/code\u003e\u003c/a\u003e 1.10.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eemeli/yaml/compare/v1.7.2...v1.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Nichtkunst/brian-lovin-next/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Nichtkunst/brian-lovin-next/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nichtkunst%2Fbrian-lovin-next/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4462230916","node_id":"PR_kwDOMUnB387cURpS","number":2,"state":"closed","title":"Bump the npm_and_yarn group across 1 directory with 15 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":true,"comments_count":2,"pull_request":true,"closed_at":"2026-05-17T04:08:07.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-17T04:05:34.000Z","updated_at":"2026-05-17T04:08:09.000Z","time_to_close":153,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":15,"packages":[{"name":"axios","old_version":"1.7.9","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"mongoose","old_version":"8.9.5","new_version":"8.22.1","repository_url":"https://github.com/Automattic/mongoose"},{"name":"next","old_version":"15.1.11","new_version":"15.5.18","repository_url":"https://github.com/vercel/next.js"},{"name":"next-auth","old_version":"5.0.0-beta.25","new_version":"5.0.0-beta.30","repository_url":"https://github.com/nextauthjs/next-auth"},{"name":"postcss","old_version":"8.4.49","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.2","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"js-yaml","old_version":"4.1.0","new_version":"4.1.1","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"qs","old_version":"6.13.1","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"yaml","old_version":"2.6.1","new_version":"2.9.0","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 13 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.7.9` | `1.16.1` |\n| [mongoose](https://github.com/Automattic/mongoose) | `8.9.5` | `8.22.1` |\n| [next](https://github.com/vercel/next.js) | `15.1.11` | `15.5.18` |\n| [next-auth](https://github.com/nextauthjs/next-auth) | `5.0.0-beta.25` | `5.0.0-beta.30` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.49` | `8.5.10` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `2.1.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `9.0.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.2` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [qs](https://github.com/ljharb/qs) | `6.13.1` | `6.15.2` |\n| [yaml](https://github.com/eemeli/yaml) | `2.6.1` | `2.9.0` |\n\n\nUpdates `axios` from 1.7.9 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1337d6b537afb2d3f501074c8ac4ef4308221197\"\u003e\u003ccode\u003e1337d6b\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10877\"\u003e#10877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/858a790cec06054547d0d3f941916d6fb2a4d18e\"\u003e\u003ccode\u003e858a790\u003c/code\u003e\u003c/a\u003e fix: remove all caches (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/34adfd90efc9c145488399e1cf7fa96de67080fa\"\u003e\u003ccode\u003e34adfd9\u003c/code\u003e\u003c/a\u003e revert: \u0026quot;fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/847d89b43654405d9a231e0b669832c2092b621f\"\u003e\u003ccode\u003e847d89b\u003c/code\u003e\u003c/a\u003e fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/40948863677bb793bfff0293cce7e7b4f8a1b212\"\u003e\u003ccode\u003e4094886\u003c/code\u003e\u003c/a\u003e fix(progress): guard malformed XHR upload events (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/44f0c5bf73c45df6009365141faa394d73596bd7\"\u003e\u003ccode\u003e44f0c5b\u003c/code\u003e\u003c/a\u003e chore: change sponsorship link and add Twicsy advertisement (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/64e1095efedc64c9fecf5176bd9cf2e5e93140d6\"\u003e\u003ccode\u003e64e1095\u003c/code\u003e\u003c/a\u003e chore: update PR and issue template to use h2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10865\"\u003e#10865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/3e6b4e1f311b43aa1dc77d78150a601d9fe4b280\"\u003e\u003ccode\u003e3e6b4e1\u003c/code\u003e\u003c/a\u003e fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/c4453bab70f53575175903aee60810c821f72129\"\u003e\u003ccode\u003ec4453ba\u003c/code\u003e\u003c/a\u003e fix: add the ability to add additional sponsors to the process sponsors scrip...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/caa00a90b524bb67ed033474abcf4d8645ced793\"\u003e\u003ccode\u003ecaa00a9\u003c/code\u003e\u003c/a\u003e fix: https data in cleartext to proxy (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.7.9...v1.16.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mongoose` from 8.9.5 to 8.22.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Automattic/mongoose/releases\"\u003emongoose's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e8.22.1 / 2025-02-04\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix: handle other top-level query operators in sanitizeFilter\u003c/li\u003e\n\u003cli\u003efix(document): when cloning a doc with subdocs, make sure the subdocs parent is the cloned doc \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15904\"\u003e#15904\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15901\"\u003e#15901\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(models): support Mongoose query casting in AnyBulkWriteOperation filter property \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15910\"\u003e#15910\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes: add toBSON() to documents \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15927\"\u003e#15927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.22.0 / 2026-01-27\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efeat(model): allow passing strict option to hydrate() \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15944\"\u003e#15944\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15940\"\u003e#15940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.21.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(clone): fix parent doc for map subdocuments and array subdocuments \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15958\"\u003e#15958\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(document): when cloning a doc with subdocs, make sure the subdocs parent is the cloned doc \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15904\"\u003e#15904\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15901\"\u003e#15901\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: respect currentTime schema option in bulkWrite updates \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15976\"\u003e#15976\u003c/a\u003e \u003ca href=\"https://github.com/sderrow\"\u003esderrow\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(models): support Mongoose query casting in AnyBulkWriteOperation filter property \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15910\"\u003e#15910\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes: add toBSON() to documents \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15927\"\u003e#15927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.21.0 / 2025-12-29\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efeat(document): add support for getAtomics() to allow custom container types to utilize atomics \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15817\"\u003e#15817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(document+model): pass options to pre('deleteOne') and update+options to pre('updateOne') hooks \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15908\"\u003e#15908\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15870\"\u003e#15870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add support for typescript style enums \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15914\"\u003e#15914\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15913\"\u003e#15913\u003c/a\u003e \u003ca href=\"https://github.com/mjfwebb\"\u003emjfwebb\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.20.4 / 2025-12-18\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix(model): ensure $isDeleted is set after calling doc.deleteOne() successfully \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15898\"\u003e#15898\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(document): use bitwise OR to accumulate version mode flags \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15893\"\u003e#15893\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15888\"\u003e#15888\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.20.3 / 2025-12-15\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eperf: use Object.hasOwn instead of Object#hasOwnProperty \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15875\"\u003e#15875\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: improve error when calling Document.prototype.init() with null/undefined \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15812\"\u003e#15812\u003c/a\u003e \u003ca href=\"https://github.com/Vegapunk-debug\"\u003eVegapunk-debug\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(schema): avoid treating paths with default: null as required \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15889\"\u003e#15889\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(schema): allow partial statics to schema.statics() \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15780\"\u003e#15780\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.20.2 / 2025-12-05\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix(model): bump version if necessary after successful bulkSave() \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15809\"\u003e#15809\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15800\"\u003e#15800\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(bulkWrite): pass overwriteImmutable option to castUpdate fixes \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15789\"\u003e#15789\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15782\"\u003e#15782\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15781\"\u003e#15781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(schema): allow calling schema.static() with as TStatics \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15794\"\u003e#15794\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15780\"\u003e#15780\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.20.1 / 2025-11-20\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003etypes: correct Model.schema type and fix unknown check for this param type in schema.methods \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15750\"\u003e#15750\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15693\"\u003e#15693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add detailed loadClass() TypeScript usage guide \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15731\"\u003e#15731\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/12813\"\u003e#12813\u003c/a\u003e \u003ca href=\"https://github.com/Necro-Rohan\"\u003eNecro-Rohan\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: update version support documentation for Mongoose \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15761\"\u003e#15761\u003c/a\u003e \u003ca href=\"https://github.com/ManmathX\"\u003eManmathX\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add copy-to-clipboard feature for code blocks in docs \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15759\"\u003e#15759\u003c/a\u003e \u003ca href=\"https://github.com/vedansha07\"\u003evedansha07\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e8.20.0 / 2025-11-17\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md\"\u003emongoose's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e8.22.1 / 2026-02-04\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix: handle other top-level query operators in sanitizeFilter\u003c/li\u003e\n\u003cli\u003efix(document): when cloning a doc with subdocs, make sure the subdocs parent is the cloned doc \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15904\"\u003e#15904\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15901\"\u003e#15901\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(models): support Mongoose query casting in AnyBulkWriteOperation filter property \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15910\"\u003e#15910\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes: add toBSON() to documents \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15927\"\u003e#15927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e7.8.9 / 2026-02-04\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix: handle other top-level query operators in sanitizeFilter\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.22.0 / 2026-01-27\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efeat(model): allow passing strict option to hydrate() \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15944\"\u003e#15944\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15940\"\u003e#15940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.21.1 / 2026-01-23\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix(clone): fix parent doc for map subdocuments and array subdocuments \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15958\"\u003e#15958\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(document): when cloning a doc with subdocs, make sure the subdocs parent is the cloned doc \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15904\"\u003e#15904\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15901\"\u003e#15901\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: respect currentTime schema option in bulkWrite updates \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15976\"\u003e#15976\u003c/a\u003e \u003ca href=\"https://github.com/sderrow\"\u003esderrow\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(models): support Mongoose query casting in AnyBulkWriteOperation filter property \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15910\"\u003e#15910\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes: add toBSON() to documents \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15927\"\u003e#15927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e9.1.5 / 2026-01-20\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix(map): validate map subdocument when loaded with init \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15960\"\u003e#15960\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15957\"\u003e#15957\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(discriminator): prevent indexes and callQueue duplication with shared nested schemas \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15974\"\u003e#15974\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15966\"\u003e#15966\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(subdocuments): do not pass parent path on init \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15970\"\u003e#15970\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15969\"\u003e#15969\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15682\"\u003e#15682\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(inferrawdoctype): correct handling for subdocs and doc arrays \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15967\"\u003e#15967\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/13772\"\u003e#13772\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: improve grammar and clarity in TypeScript schema comments \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15971\"\u003e#15971\u003c/a\u003e \u003ca href=\"https://github.com/harshsinghpujari\"\u003eharshsinghpujari\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e9.1.4 / 2026-01-15\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix: attach sessions to docs retrieved by cursor \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15953\"\u003e#15953\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15949\"\u003e#15949\u003c/a\u003e \u003ca href=\"https://github.com/mjfwalsh\"\u003emjfwalsh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(model): make hydrate() handle nested schema arrays \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15964\"\u003e#15964\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15956\"\u003e#15956\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(clone): fix parent doc for map subdocuments and array subdocuments \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15958\"\u003e#15958\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15954\"\u003e#15954\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent crash when accessing nested paths on prototype \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15962\"\u003e#15962\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15961\"\u003e#15961\u003c/a\u003e \u003ca href=\"https://github.com/som14062005\"\u003esom14062005\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e9.1.3 / 2026-01-09\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix(model): support timestamps option to insertMany() as both boolean and QueryTimestampsConfig \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15941\"\u003e#15941\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15938\"\u003e#15938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(query): include preview of current and incoming update in error when merging normal update with pipeline \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15939\"\u003e#15939\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15928\"\u003e#15928\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(model): apply basic type casting to paths underneath subdocuments \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15948\"\u003e#15948\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15947\"\u003e#15947\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(utility): make WithLevel1NestedPaths correctly handle PopulatedDoc and other TypeScript unions with Document members \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15942\"\u003e#15942\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15923\"\u003e#15923\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(schema): expose \u0026quot;DocumentArrayElement\u0026quot; \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15590\"\u003e#15590\u003c/a\u003e \u003ca href=\"https://github.com/hasezoey\"\u003ehasezoey\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e9.1.2 / 2026-01-05\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix(subdocs): pass options to pre-save hooks for subdocs \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15921\"\u003e#15921\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15920\"\u003e#15920\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eperf(model): select only _id when checking document existence during save() \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15919\"\u003e#15919\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/472e7c7072e6696ead2cc06123b18a2068c1e04c\"\u003e\u003ccode\u003e472e7c7\u003c/code\u003e\u003c/a\u003e chore: release 8.22.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/17351494cd540ea60f24515f99e88506a95c5b8b\"\u003e\u003ccode\u003e1735149\u003c/code\u003e\u003c/a\u003e Merge branch '7.x' into 8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/52278018019e8a331e1556bfc88c30c673404102\"\u003e\u003ccode\u003e5227801\u003c/code\u003e\u003c/a\u003e chore: release 7.8.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/b804e34e4d4cc670d7247fbd558c47412b4e5e01\"\u003e\u003ccode\u003eb804e34\u003c/code\u003e\u003c/a\u003e fix: handle other top-level query operators in sanitizeFilter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/8d9a81f54a9b9fa8ae5f5091dda5b082437ad69b\"\u003e\u003ccode\u003e8d9a81f\u003c/code\u003e\u003c/a\u003e chore: release 8.22.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/f752854cee2000df5ca46c6bd961df86fc2461e7\"\u003e\u003ccode\u003ef752854\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15985\"\u003e#15985\u003c/a\u003e from Automattic/8.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/e7a57ed33ad1a96c03716edb2ec69546a656fffa\"\u003e\u003ccode\u003ee7a57ed\u003c/code\u003e\u003c/a\u003e avoid hardcoding dbName\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/31adbb4587238a5d17423e7a6358d1eecacbb7a7\"\u003e\u003ccode\u003e31adbb4\u003c/code\u003e\u003c/a\u003e chore: release 8.21.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/62a5af713cea05399208c66f93f1abf099cc70cf\"\u003e\u003ccode\u003e62a5af7\u003c/code\u003e\u003c/a\u003e test: bring test cases from \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15958\"\u003e#15958\u003c/a\u003e into 8.x to ensure fixes are applied in 8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/bc8cb23508bc034b38e94e8ec002770e22de9c58\"\u003e\u003ccode\u003ebc8cb23\u003c/code\u003e\u003c/a\u003e implement review suggestions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Automattic/mongoose/compare/8.9.5...8.22.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for mongoose since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 15.1.11 to 15.5.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.18\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.16\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev15.5.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9ff92cebcaa6ba4e7463b6fd037a8510ba9b81ec\"\u003e\u003ccode\u003e9ff92ce\u003c/code\u003e\u003c/a\u003e v15.5.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/00ebe23562bd7eb32dd78730984bfadb47138bcf\"\u003e\u003ccode\u003e00ebe23\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/62c97ab0b5825e2cbc15f6b682d8286a8dd6a038\"\u003e\u003ccode\u003e62c97ab\u003c/code\u003e\u003c/a\u003e v15.5.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/423623ae38c106273085b66946ee5bf9aab77f2c\"\u003e\u003ccode\u003e423623a\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fa787399b38d9aa702118f9bd23a8315b9f0ecc6\"\u003e\u003ccode\u003efa78739\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36e62c6eb7813e42d409eb487f93b829f4ad77e8\"\u003e\u003ccode\u003e36e62c6\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93588\"\u003e#93588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36589b5db512b7704cdadd873cbe49b6dbcc9261\"\u003e\u003ccode\u003e36589b5\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93596\"\u003e#93596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ad6fd4e50e5aba20b60d283c42b89273a3167ccd\"\u003e\u003ccode\u003ead6fd4e\u003c/code\u003e\u003c/a\u003e v15.5.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/79d7dff1448483f0c8f187f98887b31019f6e494\"\u003e\u003ccode\u003e79d7dff\u003c/code\u003e\u003c/a\u003e Ignore malformed CSP nonce headers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/c4f69086cc8dcbd81b1dbc321c98ea874d90d6f8\"\u003e\u003ccode\u003ec4f6908\u003c/code\u003e\u003c/a\u003e router-server: guard upgrade proxy against absolute-url SSRF (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/77\"\u003e#77\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v15.1.11...v15.5.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next-auth` from 5.0.0-beta.25 to 5.0.0-beta.30\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nextauthjs/next-auth/releases\"\u003enext-auth's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003enext-auth@5.0.0-beta.29\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: always check typeof BroadcastChannel by \u003ca href=\"https://github.com/maiconcarraro\"\u003e\u003ccode\u003e@​maiconcarraro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/12937\"\u003enextauthjs/next-auth#12937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(providers): enable OIDC capabilities for Keycloak by \u003ca href=\"https://github.com/jvllmr\"\u003e\u003ccode\u003e@​jvllmr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/12964\"\u003enextauthjs/next-auth#12964\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo: succesful -\u0026gt; successful by \u003ca href=\"https://github.com/changeworld\"\u003e\u003ccode\u003e@​changeworld\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/12973\"\u003enextauthjs/next-auth#12973\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix undefined providerId by \u003ca href=\"https://github.com/Regloom\"\u003e\u003ccode\u003e@​Regloom\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/12947\"\u003enextauthjs/next-auth#12947\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix typo profie -\u0026gt; profile by \u003ca href=\"https://github.com/changeworld\"\u003e\u003ccode\u003e@​changeworld\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/12987\"\u003enextauthjs/next-auth#12987\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Fix typo initalization -\u0026gt; initialization by \u003ca href=\"https://github.com/changeworld\"\u003e\u003ccode\u003e@​changeworld\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/12989\"\u003enextauthjs/next-auth#12989\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Fix typo depencies -\u0026gt; dependencies by \u003ca href=\"https://github.com/changeworld\"\u003e\u003ccode\u003e@​changeworld\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/12983\"\u003enextauthjs/next-auth#12983\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add missing \u0026quot;key\u0026quot; prop for form element in providerMap iterator by \u003ca href=\"https://github.com/frshaad\"\u003e\u003ccode\u003e@​frshaad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/13023\"\u003enextauthjs/next-auth#13023\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(docs): fix typo Minmum -\u0026gt; Minimum by \u003ca href=\"https://github.com/changeworld\"\u003e\u003ccode\u003e@​changeworld\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/13007\"\u003enextauthjs/next-auth#13007\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(docs): fix typo Avaliable Scopes -\u0026gt; Available Scopes by \u003ca href=\"https://github.com/changeworld\"\u003e\u003ccode\u003e@​changeworld\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/13009\"\u003enextauthjs/next-auth#13009\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(adapter): transistion to surrealdb@^1.0.0 by \u003ca href=\"https://github.com/dvanmali\"\u003e\u003ccode\u003e@​dvanmali\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/11911\"\u003enextauthjs/next-auth#11911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix(provider): Mailgun region selection by \u003ca href=\"https://github.com/benhovinga\"\u003e\u003ccode\u003e@​benhovinga\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/13027\"\u003enextauthjs/next-auth#13027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(next-auth): add missing middleware wrapper type to auth function by \u003ca href=\"https://github.com/k-taro56\"\u003e\u003ccode\u003e@​k-taro56\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/13026\"\u003enextauthjs/next-auth#13026\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate extending-the-session.mdx by \u003ca href=\"https://github.com/adriancuadrado\"\u003e\u003ccode\u003e@​adriancuadrado\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/13064\"\u003enextauthjs/next-auth#13064\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(adapters): handle P2025 errors without importing Prisma namespace by \u003ca href=\"https://github.com/karl-barbour\"\u003e\u003ccode\u003e@​karl-barbour\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/13061\"\u003enextauthjs/next-auth#13061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(docs): Fix syntax error in RBAC guide by \u003ca href=\"https://github.com/benhovinga\"\u003e\u003ccode\u003e@​benhovinga\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/12733\"\u003enextauthjs/next-auth#12733\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(provider): Microsoft Entra ID by \u003ca href=\"https://github.com/benhovinga\"\u003e\u003ccode\u003e@​benhovinga\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/12616\"\u003enextauthjs/next-auth#12616\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate index.ts by \u003ca href=\"https://github.com/adriancuadrado\"\u003e\u003ccode\u003e@​adriancuadrado\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/13066\"\u003enextauthjs/next-auth#13066\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/maiconcarraro\"\u003e\u003ccode\u003e@​maiconcarraro\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/12937\"\u003enextauthjs/next-auth#12937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jvllmr\"\u003e\u003ccode\u003e@​jvllmr\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/12964\"\u003enextauthjs/next-auth#12964\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Regloom\"\u003e\u003ccode\u003e@​Regloom\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/12947\"\u003enextauthjs/next-auth#12947\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/frshaad\"\u003e\u003ccode\u003e@​frshaad\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/13023\"\u003enextauthjs/next-auth#13023\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvanmali\"\u003e\u003ccode\u003e@​dvanmali\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/11911\"\u003enextauthjs/next-auth#11911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adriancuadrado\"\u003e\u003ccode\u003e@​adriancuadrado\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/13064\"\u003enextauthjs/next-auth#13064\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karl-barbour\"\u003e\u003ccode\u003e@​karl-barbour\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/13061\"\u003enextauthjs/next-auth#13061\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nextauthjs/next-auth/compare/next-auth@5.0.0-beta.28...next-auth@5.0.0-beta.29\"\u003ehttps://github.com/nextauthjs/next-auth/compare/next-auth@5.0.0-beta.28...next-auth@5.0.0-beta.29\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nextauthjs/next-auth/commits/next-auth@5.0.0-beta.30\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~himself_65\"\u003ehimself_65\u003c/a\u003e, a new releaser for next-auth since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.4.49 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003ePostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e during \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/1995\"\u003ehis work\u003c/a\u003e on \u003ca href=\"https://stylelint.io\"\u003eStylelint\u003c/a\u003e added \u003ccode\u003eInput#document\u003c/code\u003e in additional to \u003ccode\u003eInput#css\u003c/code\u003e.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eroot.source.input.document //=\u0026gt; \u0026quot;\u0026lt;p\u0026gt;Hello\u0026lt;/p\u0026gt;\r\n                           //    \u0026lt;style\u0026gt;\r\n                           //    p {\r\n                           //      color: green;\r\n                           //    }\r\n                           //    \u0026lt;/style\u0026gt;\u0026quot;\r\nroot.source.input.css      //=\u0026gt; \u0026quot;p {\r\n                           //      color: green;\r\n                           //    }\u0026quot;\r\n\u003cp\u003e\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eInput#document\u003c/code\u003e for sources like CSS-in-JS or HTML (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.4.49...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 2.x  14f1d91\u003c/li\u003e\n\u003cli\u003efmt  ed7780a\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  36603d5\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v2.0.1...v2.0.2\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v2.0.1...v2.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1ee4a9069c69a51bd502aab289c0c6629c8920ca\"\u003e\u003ccode\u003e1ee4a90\u003c/code\u003e\u003c/a\u003e 2.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/b0302ac153ecfaad66752aac79bf30d2895db8f1\"\u003e\u003ccode\u003eb0302ac\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v2 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/73b5459d2ab973c984d01324769d306f66440c7e\"\u003e\u003ccode\u003e73b5459\u003c/code\u003e\u003c/a\u003e 2.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5\"\u003e\u003ccode\u003e311ac0d\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v to v2 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/a3efcee659ef0fb381e2b50d759c720900580a15\"\u003e\u003ccode\u003ea3efcee\u003c/code\u003e\u003c/a\u003e 2.0.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/14f1d91b0523ffb0c8bbe6a28dc98ddc56ae53bc\"\u003e\u003ccode\u003e14f1d91\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 2.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ed7780ab1cb8a7696f1813b5a945fcc70d8d1990\"\u003e\u003ccode\u003eed7780a\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/36603d5f3599a37af9e85eda30acd7d28599c36e\"\u003e\u003ccode\u003e36603d5\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/b9c0e57027317a8d0a56a7ccee28fc478d847da2\"\u003e\u003ccode\u003eb9c0e57\u003c/code\u003e\u003c/a\u003e 2.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/4d96d7dbca632806263efb0da8d1e9d8a2143cc2\"\u003e\u003ccode\u003e4d96d7d\u003c/code\u003e\u003c/a\u003e switch to fork of matcha that works on node\u0026gt;12\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 9.0.9\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/minimatch/blob/main/changelog.md\"\u003eminimatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003echange log\u003c/h1\u003e\n\u003ch2\u003e10.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ebraceExpandMax\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003emagicalBraces\u003c/code\u003e option for \u003ccode\u003eescape\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when \u003ccode\u003epartial: true\u003c/code\u003e is set.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when pattern ends in a final \u003ccode\u003e**\u003c/code\u003e path part.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRequire node 20 or 22 and higher\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo default export, only named exports.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRecursive descent parser for extglob, allowing correct support\nfor arbitrarily nested extglob expressions\u003c/li\u003e\n\u003cli\u003eBump required Node.js version\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eunescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eMinimatch.hasMagic()\u003c/code\u003e method\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for posix character classes in a unicode-aware way.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ewindowsNoMagicRoot\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eoptimizationLevel\u003c/code\u003e configuration option, and revert the\ndefault back to the 6.2 style minimal optimizations, making the\nadvanced transforms introduced in 7.0 opt-in. Also, process\nprovided file paths in the same way in optimizationLevel:2\nmode, so \u003cem\u003emost\u003c/em\u003e things that matched with optimizationLevel 1 or\n0 \u003cem\u003eshould\u003c/em\u003e match with level 2 as well. However, level 1 is the\ndefault, out of an abundance of caution.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/s...\n\n_Description has been truncated_","html_url":"https://github.com/reddevilprasun/webplus/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/reddevilprasun%2Fwebplus/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"},{"uuid":"4459767226","node_id":"PR_kwDOSPVOwc7cNBBu","number":10,"state":"closed","title":"Bump the npm_and_yarn group across 21 directories with 28 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-16T11:57:02.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-16T11:49:54.000Z","updated_at":"2026-05-16T11:57:04.000Z","time_to_close":428,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":28,"packages":[{"name":"axios","old_version":"0.21.4","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"express","old_version":"4.21.2","new_version":"4.22.0","repository_url":"https://github.com/expressjs/express"},{"name":"esbuild","old_version":"0.18.20","new_version":"0.25.0","repository_url":"https://github.com/evanw/esbuild"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 11 updates in the /samples/TeamsJS/app-sso/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `1.16.1` |\n| [express](https://github.com/expressjs/express) | `4.21.2` | `4.22.0` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.18.20` | `0.25.0` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\nBumps the npm_and_yarn group with 6 updates in the /samples/TeamsJS/connector-github-notification/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [express](https://github.com/expressjs/express) | `4.18.2` | `4.22.0` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.18.5` | `0.25.0` |\n| [cookie](https://github.com/jshttp/cookie) | `0.4.1` | `0.7.2` |\n| [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [mongoose](https://github.com/Automattic/mongoose) | `4.13.21` | `6.13.9` |\n\nBumps the npm_and_yarn group with 9 updates in the /samples/TeamsJS/graph-activity-feed/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `0.31.1` |\n| [express](https://github.com/expressjs/express) | `4.21.2` | `4.22.0` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.18.20` | `0.25.0` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.2` | `2.1.0` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\nBumps the npm_and_yarn group with 11 updates in the /samples/TeamsJS/graph-bulk-meetings/csharp/EventMeeting/ClientApp directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `0.31.1` |\n| [express](https://github.com/expressjs/express) | `4.18.2` | `4.22.2` |\n| [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.20.1` | `7.29.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.2.7` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json5](https://github.com/json5/json5) | `1.0.1` | `2.2.3` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [ejs](https://github.com/mde/ejs) | `2.7.4` | `3.1.10` |\n\nBumps the npm_and_yarn group with 9 updates in the /samples/TeamsJS/graph-bulk-meetings/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `0.31.1` |\n| [express](https://github.com/expressjs/express) | `4.21.2` | `4.22.0` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.18.20` | `0.25.0` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\nBumps the npm_and_yarn group with 6 updates in the /samples/TeamsJS/graph-bulk-meetings/nodejs/client directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `0.31.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `2.1.0` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `4.1.1` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `4.0.4` |\n\nBumps the npm_and_yarn group with 9 updates in the /samples/TeamsJS/graph-pinned-messages/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `0.31.1` |\n| [express](https://github.com/expressjs/express) | `4.21.2` | `4.22.0` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.18.20` | `0.25.0` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\nBumps the npm_and_yarn group with 9 updates in the /samples/TeamsJS/graph-teams-tag/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `0.31.1` |\n| [express](https://github.com/expressjs/express) | `4.21.2` | `4.22.0` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.18.20` | `0.25.0` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\nBumps the npm_and_yarn group with 10 updates in the /samples/TeamsJS/graph-teams-tag/nodejs/client directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `0.31.1` |\n| [express](https://github.com/expressjs/express) | `4.18.1` | `4.22.2` |\n| [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.18.9` | `7.29.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [braces](https://github.com/micromatch/braces) | `2.3.2` | `3.0.3` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.2.6` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json5](https://github.com/json5/json5) | `1.0.1` | `2.2.3` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 12 updates in the /samples/TeamsJS/meeting-tabs/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `0.31.1` |\n| [express](https://github.com/expressjs/express) | `4.18.2` | `4.22.2` |\n| [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.22.6` | `7.29.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |\n| [semver](https://github.com/npm/node-semver) | `6.3.0` | `6.3.1` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.2.7` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `4.1.1` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [ejs](https://github.com/mde/ejs) | `3.1.9` | `3.1.10` |\n\nBumps the npm_and_yarn group with 10 updates in the /samples/TeamsJS/meetings-audio-state/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `0.31.1` |\n| [express](https://github.com/expressjs/express) | `4.18.1` | `4.22.2` |\n| [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.18.9` | `7.29.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [braces](https://github.com/micromatch/braces) | `2.3.2` | `3.0.3` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.2.6` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json5](https://github.com/json5/json5) | `1.0.1` | `2.2.3` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 7 updates in the /samples/TeamsJS/meetings-stage-view/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `0.31.1` |\n| [express](https://github.com/expressjs/express) | `4.21.2` | `4.22.0` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.18.20` | `0.25.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\nBumps the npm_and_yarn group with 5 updates in the /samples/TeamsJS/tab-external-auth/nodejs/api-server directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.1` | `0.31.1` |\n| [express](https://github.com/expressjs/express) | `4.18.2` | `4.22.0` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` |\n| [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) | `8.5.1` | `9.0.3` |\n\nBumps the npm_and_yarn group with 9 updates in the /samples/TeamsJS/tab-people-picker/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `0.31.1` |\n| [express](https://github.com/expressjs/express) | `4.21.2` | `4.22.0` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.18.20` | `0.25.0` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\nBumps the npm_and_yarn group with 8 updates in the /samples/TeamsJS/tab-request-approval/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `0.31.1` |\n| [express](https://github.com/expressjs/express) | `4.21.2` | `4.22.0` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.18.20` | `0.25.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\nBumps the npm_and_yarn group with 2 updates in the /samples/app-complete-sample/nodejs directory: [axios](https://github.com/axios/axios) and [minimatch](https://github.com/isaacs/minimatch).\nBumps the npm_and_yarn group with 1 update in the /samples/bot-release-management/nodejs directory: [axios](https://github.com/axios/axios).\nBumps the npm_and_yarn group with 10 updates in the /samples/graph-appcatalog-lifecycle/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.1` | `1.16.1` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.18.11` | `0.25.0` |\n| [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.14.0` | `7.29.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.1.1` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\nBumps the npm_and_yarn group with 3 updates in the /samples/graph-proactive-installation/nodejs directory: [axios](https://github.com/axios/axios), [express](https://github.com/expressjs/express) and [esbuild](https://github.com/evanw/esbuild).\nBumps the npm_and_yarn group with 14 updates in the /samples/tab-stage-view/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `1.16.1` |\n| [express](https://github.com/expressjs/express) | `4.17.1` | `4.22.0` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.18.14` | `0.25.0` |\n| [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.14.8` | `7.29.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |\n| [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` |\n| [semver](https://github.com/npm/node-semver) | `6.3.0` | `6.3.1` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.2.2` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json5](https://github.com/json5/json5) | `2.2.0` | `2.2.3` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [ejs](https://github.com/mde/ejs) | `3.1.9` | `3.1.10` |\n\nBumps the npm_and_yarn group with 16 updates in the /samples/tab-staggered-permission/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `removed` |\n| [express](https://github.com/expressjs/express) | `4.17.2` | `4.22.0` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.18.13` | `0.25.0` |\n| [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.12.13` | `7.29.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |\n| [semver](https://github.com/npm/node-semver) | `7.3.5` | `7.8.0` |\n| [semver](https://github.com/npm/node-semver) | `6.3.0` | `6.3.1` |\n| [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.2.5` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json5](https://github.com/json5/json5) | `1.0.1` | `1.0.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [node-fetch](https://github.com/node-fetch/node-fetch) | `2.6.1` | `2.7.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [ejs](https://github.com/mde/ejs) | `3.1.6` | `3.1.10` |\n| [got](https://github.com/sindresorhus/got) | `9.6.0` | `removed` |\n\n\nUpdates `axios` from 0.21.4 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1337d6b537afb2d3f501074c8ac4ef4308221197\"\u003e\u003ccode\u003e1337d6b\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10877\"\u003e#10877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/858a790cec06054547d0d3f941916d6fb2a4d18e\"\u003e\u003ccode\u003e858a790\u003c/code\u003e\u003c/a\u003e fix: remove all caches (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/34adfd90efc9c145488399e1cf7fa96de67080fa\"\u003e\u003ccode\u003e34adfd9\u003c/code\u003e\u003c/a\u003e revert: \u0026quot;fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/847d89b43654405d9a231e0b669832c2092b621f\"\u003e\u003ccode\u003e847d89b\u003c/code\u003e\u003c/a\u003e fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/40948863677bb793bfff0293cce7e7b4f8a1b212\"\u003e\u003ccode\u003e4094886\u003c/code\u003e\u003c/a\u003e fix(progress): guard malformed XHR upload events (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/44f0c5bf73c45df6009365141faa394d73596bd7\"\u003e\u003ccode\u003e44f0c5b\u003c/code\u003e\u003c/a\u003e chore: change sponsorship link and add Twicsy advertisement (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/64e1095efedc64c9fecf5176bd9cf2e5e93140d6\"\u003e\u003ccode\u003e64e1095\u003c/code\u003e\u003c/a\u003e chore: update PR and issue template to use h2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10865\"\u003e#10865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/3e6b4e1f311b43aa1dc77d78150a601d9fe4b280\"\u003e\u003ccode\u003e3e6b4e1\u003c/code\u003e\u003c/a\u003e fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/c4453bab70f53575175903aee60810c821f72129\"\u003e\u003ccode\u003ec4453ba\u003c/code\u003e\u003c/a\u003e fix: add the ability to add additional sponsors to the process sponsors scrip...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/caa00a90b524bb67ed033474abcf4d8645ced793\"\u003e\u003ccode\u003ecaa00a9\u003c/code\u003e\u003c/a\u003e fix: https data in cleartext to proxy (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v0.21.4...v1.16.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `express` from 4.21.2 to 4.22.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/releases\"\u003eexpress's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.22.0\u003c/h2\u003e\n\u003ch2\u003eImportant: Security\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor: improve readability by \u003ca href=\"https://github.com/sazk07\"\u003e\u003ccode\u003e@​sazk07\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6190\"\u003eexpressjs/express#6190\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add support for Node.js@23.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6080\"\u003eexpressjs/express#6080\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMethod functions with no path should error by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5957\"\u003eexpressjs/express#5957\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: updated github actions ci workflow by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6323\"\u003eexpressjs/express#6323\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: reorder \u003ccode\u003enpm i\u003c/code\u003e steps to fix ci for older node versions by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6336\"\u003eexpressjs/express#6336\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport: ci: add node.js 24 to test matrix by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6506\"\u003eexpressjs/express#6506\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(4.x): wider range for query test skip by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6513\"\u003eexpressjs/express#6513\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse tilde notation for certain dependencies by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6905\"\u003eexpressjs/express#6905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6909\"\u003eexpressjs/express#6909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for \u003ccode\u003eqs\u003c/code\u003e by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6919\"\u003eexpressjs/express#6919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.22.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6921\"\u003eexpressjs/express#6921\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.2...4.22.0\"\u003ehttps://github.com/expressjs/express/compare/4.21.2...4.22.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/blob/4.22.0/History.md\"\u003eexpress's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.22.0 / 2025-12-01\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for dependencies\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/49744abd1120484fe64d7bde1cd3197c32523b6e\"\u003e\u003ccode\u003e49744ab\u003c/code\u003e\u003c/a\u003e 4.22.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6921\"\u003e#6921\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/6e97452f600a3b01719fbc5517d833c7646b0bb7\"\u003e\u003ccode\u003e6e97452\u003c/code\u003e\u003c/a\u003e sec: security patch for CVE-2024-51999\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/6a23d34d652b9e69a4486d2a2a0dea54b9685fa5\"\u003e\u003ccode\u003e6a23d34\u003c/code\u003e\u003c/a\u003e deps: use tilde notation for \u003ccode\u003eqs\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6919\"\u003e#6919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/8c12cdf93b89a4628b59179e3cc0722fc517d6b3\"\u003e\u003ccode\u003e8c12cdf\u003c/code\u003e\u003c/a\u003e deps: qs@6.14.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6909\"\u003e#6909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/7fea74fcf02764580f38f2a7f1932dfa54cddd90\"\u003e\u003ccode\u003e7fea74f\u003c/code\u003e\u003c/a\u003e deps: use tilde notation for certain dependencies (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6905\"\u003e#6905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/dac7a0475a99e9dfc57b3b8e6d5bdf52813f1944\"\u003e\u003ccode\u003edac7a04\u003c/code\u003e\u003c/a\u003e chore: wider range for query test skip (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6513\"\u003e#6513\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/997919b48879bbd53171c3b4e5dd1b04ad139241\"\u003e\u003ccode\u003e997919b\u003c/code\u003e\u003c/a\u003e ci: add node.js 24 to test matrix (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6506\"\u003e#6506\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/36fb59c6c7d9dfca0b08dfeafb5b6e4a249234a1\"\u003e\u003ccode\u003e36fb59c\u003c/code\u003e\u003c/a\u003e fix(ci): reorder \u003ccode\u003enpm i\u003c/code\u003e steps to fix ci for older node versions (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6336\"\u003e#6336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/3a5edfaff06f1a2c7079b08d0635108b371eddfd\"\u003e\u003ccode\u003e3a5edfa\u003c/code\u003e\u003c/a\u003e fix(ci): updated github actions ci workflow (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6323\"\u003e#6323\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/52d978119a7af27667cce5d99ac0739dc269d818\"\u003e\u003ccode\u003e52d9781\u003c/code\u003e\u003c/a\u003e fix(test): add test for method routes without paths \u003ca href=\"https://redirect.github.com/expressjs/express/issues/5955\"\u003e#5955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/express/compare/4.21.2...4.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild` from 0.18.20 to 0.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.25.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eThis release deliberately contains backwards-incompatible changes.\u003c/strong\u003e To avoid automatically picking up releases like this, you should either be pinning the exact version of \u003ccode\u003eesbuild\u003c/code\u003e in your \u003ccode\u003epackage.json\u003c/code\u003e file (recommended) or be using a version range syntax that only accepts patch upgrades such as \u003ccode\u003e^0.24.0\u003c/code\u003e or \u003ccode\u003e~0.24.0\u003c/code\u003e. See npm's documentation about \u003ca href=\"https://docs.npmjs.com/cli/v6/using-npm/semver/\"\u003esemver\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRestrict access to esbuild's development server (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-67mh-4wv8-2f99\"\u003eGHSA-67mh-4wv8-2f99\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis change addresses esbuild's first security vulnerability report. Previously esbuild set the \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header to \u003ccode\u003e*\u003c/code\u003e to allow esbuild's development server to be flexible in how it's used for development. However, this allows the websites you visit to make HTTP requests to esbuild's local development server, which gives read-only access to your source code if the website were to fetch your source code's specific URL. You can read more information in \u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-67mh-4wv8-2f99\"\u003ethe report\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eStarting with this release, \u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS\"\u003eCORS\u003c/a\u003e will now be disabled, and requests will now be denied if the host does not match the one provided to \u003ccode\u003e--serve=\u003c/code\u003e. The default host is \u003ccode\u003e0.0.0.0\u003c/code\u003e, which refers to all of the IP addresses that represent the local machine (e.g. both \u003ccode\u003e127.0.0.1\u003c/code\u003e and \u003ccode\u003e192.168.0.1\u003c/code\u003e). If you want to customize anything about esbuild's development server, you can \u003ca href=\"https://esbuild.github.io/api/#serve-proxy\"\u003eput a proxy in front of esbuild\u003c/a\u003e and modify the incoming and/or outgoing requests.\u003c/p\u003e\n\u003cp\u003eIn addition, the \u003ccode\u003eserve()\u003c/code\u003e API call has been changed to return an array of \u003ccode\u003ehosts\u003c/code\u003e instead of a single \u003ccode\u003ehost\u003c/code\u003e string. This makes it possible to determine all of the hosts that esbuild's development server will accept.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sapphi-red\"\u003e\u003ccode\u003e@​sapphi-red\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDelete output files when a build fails in watch mode (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/3643\"\u003e#3643\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIt has been requested for esbuild to delete files when a build fails in watch mode. Previously esbuild left the old files in place, which could cause people to not immediately realize that the most recent build failed. With this release, esbuild will now delete all output files if a rebuild fails. Fixing the build error and triggering another rebuild will restore all output files again.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix correctness issues with the CSS nesting transform (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/3620\"\u003e#3620\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/3877\"\u003e#3877\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/3933\"\u003e#3933\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/3997\"\u003e#3997\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4005\"\u003e#4005\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4037\"\u003e#4037\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4038\"\u003e#4038\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes the following problems:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eNaive expansion of CSS nesting can result in an exponential blow-up of generated CSS if each nesting level has multiple selectors. Previously esbuild sometimes collapsed individual nesting levels using \u003ccode\u003e:is()\u003c/code\u003e to limit expansion. However, this collapsing wasn't correct in some cases, so it has been removed to fix correctness issues.\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e/* Original code */\r\n.parent {\r\n  \u0026gt; .a,\r\n  \u0026gt; .b1 \u0026gt; .b2 {\r\n    color: red;\r\n  }\r\n}\r\n\u003cp\u003e/* Old output (with --supported:nesting=false) */\u003cbr /\u003e\n.parent \u0026gt; :is(.a, .b1 \u0026gt; .b2) {\u003cbr /\u003e\ncolor: red;\u003cbr /\u003e\n}\u003c/p\u003e\n\u003cp\u003e/* New output (with --supported:nesting=false) */\u003cbr /\u003e\n.parent \u0026gt; .a,\u003cbr /\u003e\n.parent \u0026gt; .b1 \u0026gt; .b2 {\u003cbr /\u003e\ncolor: red;\u003cbr /\u003e\n}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/tim-we\"\u003e\u003ccode\u003e@​tim-we\u003c/code\u003e\u003c/a\u003e for working on a fix.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ccode\u003e\u0026amp;\u003c/code\u003e CSS nesting selector can be repeated multiple times to increase CSS specificity. Previously esbuild ignored this possibility and incorrectly considered \u003ccode\u003e\u0026amp;\u0026amp;\u003c/code\u003e to have the same specificity as \u003ccode\u003e\u0026amp;\u003c/code\u003e. With this release, this should now work correctly:\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e/* Original code (color should be red) */\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG-2023.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog: 2023\u003c/h1\u003e\n\u003cp\u003eThis changelog documents all esbuild versions published in the year 2023 (versions 0.16.13 through 0.19.11).\u003c/p\u003e\n\u003ch2\u003e0.19.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix TypeScript-specific class transform edge case (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/3559\"\u003e#3559\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release introduced an optimization that avoided transforming \u003ccode\u003esuper()\u003c/code\u003e in the class constructor for TypeScript code compiled with \u003ccode\u003euseDefineForClassFields\u003c/code\u003e set to \u003ccode\u003efalse\u003c/code\u003e if all class instance fields have no initializers. The rationale was that in this case, all class instance fields are omitted in the output so no changes to the constructor are needed. However, if all of this is the case \u003cem\u003eand\u003c/em\u003e there are \u003ccode\u003e#private\u003c/code\u003e instance fields with initializers, those private instance field initializers were still being moved into the constructor. This was problematic because they were being inserted before the call to \u003ccode\u003esuper()\u003c/code\u003e (since \u003ccode\u003esuper()\u003c/code\u003e is now no longer transformed in that case). This release introduces an additional optimization that avoids moving the private instance field initializers into the constructor in this edge case, which generates smaller code, matches the TypeScript compiler's output more closely, and avoids this bug:\u003c/p\u003e\n\u003cpre lang=\"ts\"\u003e\u003ccode\u003e// Original code\nclass Foo extends Bar {\n  #private = 1;\n  public: any;\n  constructor() {\n    super();\n  }\n}\n\u003cp\u003e// Old output (with esbuild v0.19.9)\u003cbr /\u003e\nclass Foo extends Bar {\u003cbr /\u003e\nconstructor() {\u003cbr /\u003e\nsuper();\u003cbr /\u003e\nthis.#private = 1;\u003cbr /\u003e\n}\u003cbr /\u003e\n#private;\u003cbr /\u003e\n}\u003c/p\u003e\n\u003cp\u003e// Old output (with esbuild v0.19.10)\u003cbr /\u003e\nclass Foo extends Bar {\u003cbr /\u003e\nconstructor() {\u003cbr /\u003e\nthis.#private = 1;\u003cbr /\u003e\nsuper();\u003cbr /\u003e\n}\u003cbr /\u003e\n#private;\u003cbr /\u003e\n}\u003c/p\u003e\n\u003cp\u003e// New output\u003cbr /\u003e\nclass Foo extends Bar {\u003cbr /\u003e\n#private = 1;\u003cbr /\u003e\nconstructor() {\u003cbr /\u003e\nsuper();\u003cbr /\u003e\n}\u003cbr /\u003e\n}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMinifier: allow reording a primitive past a side-effect (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/3568\"\u003e#3568\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe minifier previously allowed reordering a side-effect past a primitive, but didn't handle the case of reordering a primitive past a side-effect. This additional case is now handled:\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/e9174d671b1882758cd32ac5e146200f5bee3e45\"\u003e\u003ccode\u003ee9174d6\u003c/code\u003e\u003c/a\u003e publish 0.25.0 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/c27dbebb9e7a55dd9a084dd151dddd840787490e\"\u003e\u003ccode\u003ec27dbeb\u003c/code\u003e\u003c/a\u003e fix \u003ccode\u003ehosts\u003c/code\u003e in \u003ccode\u003eplugin-tests.js\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/6794f602a453cf0255bcae245871de120a89a559\"\u003e\u003ccode\u003e6794f60\u003c/code\u003e\u003c/a\u003e fix \u003ccode\u003ehosts\u003c/code\u003e in \u003ccode\u003enode-unref-tests.js\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/de85afd65edec9ebc44a11e245fd9e9a2e99760d\"\u003e\u003ccode\u003ede85afd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/da1de1bf77a65f06654b49878d9ec4747ddaa21f\"\u003e\u003ccode\u003eda1de1b\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4065\"\u003e#4065\u003c/a\u003e: bitwise operators can return bigints\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f4e9d19fb20095a98bf40634f0380f6a16be91e7\"\u003e\u003ccode\u003ef4e9d19\u003c/code\u003e\u003c/a\u003e switch case liveness: \u003ccode\u003edefault\u003c/code\u003e is always last\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/7aa47c3e778ea04849f97f18dd9959df88fa0886\"\u003e\u003ccode\u003e7aa47c3\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4028\"\u003e#4028\u003c/a\u003e: minify live/dead \u003ccode\u003eswitch\u003c/code\u003e cases better\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/22ecd306190b8971ec4474b5485266c20350e266\"\u003e\u003ccode\u003e22ecd30\u003c/code\u003e\u003c/a\u003e minify: more constant folding for strict equality\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/4cdf03c03697128044fa8fb76e5c478e9765b353\"\u003e\u003ccode\u003e4cdf03c\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4053\"\u003e#4053\u003c/a\u003e: reordering of \u003ccode\u003e.tsx\u003c/code\u003e in \u003ccode\u003enode_modules\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/dc719775b7140120916bd9e6777ca1cb8a1cdc0e\"\u003e\u003ccode\u003edc71977\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/3692\"\u003e#3692\u003c/a\u003e: \u003ccode\u003e0\u003c/code\u003e now picks a random ephemeral port\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.18.20...v0.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jws` from 3.2.2 to 3.2.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/brianloveswords/node-jws/releases\"\u003ejws's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.3\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require\nthat a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)\nwhen using HMAC algorithms.\u003c/li\u003e\n\u003cli\u003eUpgrading JWA version to 1.4.2, addressing a compatibility issue for Node \u0026gt;= 25.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/auth0/node-jws/blob/master/CHANGELOG.md\"\u003ejws's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.3]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require\nthat a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)\nwhen using HMAC algorithms.\u003c/li\u003e\n\u003cli\u003eUpgrading JWA version to 1.4.2, adressing a compatibility issue for Node \u0026gt;= 25.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.0.0]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBREAKING\u003c/strong\u003e: \u003ccode\u003ejwt.verify\u003c/code\u003e now requires an \u003ccode\u003ealgorithm\u003c/code\u003e parameter, and\n\u003ccode\u003ejws.createVerify\u003c/code\u003e requires an \u003ccode\u003ealgorithm\u003c/code\u003e option. The \u003ccode\u003e\u0026quot;alg\u0026quot;\u003c/code\u003e field\nsignature headers is ignored. This mitigates a critical security flaw\nin the library which would allow an attacker to generate signatures with\narbitrary contents that would be accepted by \u003ccode\u003ejwt.verify\u003c/code\u003e. See\n\u003ca href=\"https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/\"\u003ehttps://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/\u003c/a\u003e\nfor details.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/compare/v1.0.1...v2.0.0\"\u003e2.0.0\u003c/a\u003e - 2015-01-30\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBREAKING\u003c/strong\u003e: Default payload encoding changed from \u003ccode\u003ebinary\u003c/code\u003e to\n\u003ccode\u003eutf8\u003c/code\u003e. \u003ccode\u003eutf8\u003c/code\u003e is a is a more sensible default than \u003ccode\u003ebinary\u003c/code\u003e because\nmany payloads, as far as I can tell, will contain user-facing\nstrings that could be in any language. (\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/commit/6b6de48\"\u003e6b6de48\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCode reorganization, thanks \u003ca href=\"https://github.com/fearphage\"\u003e\u003ccode\u003e@​fearphage\u003c/code\u003e\u003c/a\u003e! (\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/commit/7880050\"\u003e7880050\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOption in all relevant methods for \u003ccode\u003eencoding\u003c/code\u003e. For those few users\nthat might be depending on a \u003ccode\u003ebinary\u003c/code\u003e encoding of the messages, this\nis for them. (\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/commit/6b6de48\"\u003e6b6de48\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/4f6e73f24df42f07d632dec6431ade8eda8d11a6\"\u003e\u003ccode\u003e4f6e73f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/bd0fea57f35a97b6749a632b19ae5100d6d35729\"\u003e\u003ccode\u003ebd0fea5\u003c/code\u003e\u003c/a\u003e version 3.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/7c3b4b411004c206af8901fa3f8e644127bbf8d9\"\u003e\u003ccode\u003e7c3b4b4\u003c/code\u003e\u003c/a\u003e Enhance tests for HMAC streaming sign and verify\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/a9b8ed999de8f8fff486ac9167514577a0fae323\"\u003e\u003ccode\u003ea9b8ed9\u003c/code\u003e\u003c/a\u003e Improve secretOrKey initialization in VerifyStream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/6707fde62cbae465a7f11e52760fb994dbc0e0dc\"\u003e\u003ccode\u003e6707fde\u003c/code\u003e\u003c/a\u003e Improve secret handling in SignStream\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/brianloveswords/node-jws/compare/v3.2.2...v3.2.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~julien.wollscheid\"\u003ejulien.wollscheid\u003c/a\u003e, a new releaser for jws since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ccb8ac6d4292b7661b677fe048ba6690c877f51f\"\u003e\u003ccode\u003eccb8ac6\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c3c73c8b088defc70851843be88ccc3af08e7217\"\u003e\u003ccode\u003ec3c73c8\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli...\n\n_Description has been truncated_","html_url":"https://github.com/shaneslo/Microsoft-Teams-Samples/pull/10","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/shaneslo%2FMicrosoft-Teams-Samples/issues/10","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/10/packages"},{"uuid":"4448199263","node_id":"PR_kwDOE6qmMc7boNQo","number":12,"state":"closed","title":"Bump the npm_and_yarn group across 7 directories with 20 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-15T01:43:31.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-14T18:11:08.000Z","updated_at":"2026-05-15T01:43:33.000Z","time_to_close":27143,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":20,"packages":[{"name":"browserstack-local","old_version":"1.4.0","new_version":"1.5.9","repository_url":"https://github.com/browserstack/browserstack-local-nodejs"},{"name":"express","old_version":"4.17.0","new_version":"4.22.0","repository_url":"https://github.com/expressjs/express"},{"name":"minimatch","old_version":"3.0.4","new_version":"3.1.4","repository_url":"https://github.com/isaacs/minimatch"},{"name":"pnpm","old_version":"5.14.3","new_version":"10.28.2","repository_url":"https://github.com/pnpm/pnpm"},{"name":"tar","old_version":"4.4.10","new_version":"7.5.11","repository_url":"https://github.com/isaacs/node-tar"},{"name":"devalue","old_version":"2.0.1","new_version":"5.6.4","repository_url":"https://github.com/sveltejs/devalue"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.12.1","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"bn.js","old_version":"4.11.9","new_version":"5.2.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"cipher-base","old_version":"1.0.4","new_version":"1.0.7","repository_url":"https://github.com/crypto-browserify/cipher-base"},{"name":"follow-redirects","old_version":"1.9.0","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"handlebars","old_version":"4.5.3","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"js-yaml","old_version":"3.13.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"picomatch","old_version":"2.2.2","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"2.35.1","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"sha.js","old_version":"2.4.11","new_version":"2.4.12","repository_url":"https://github.com/crypto-browserify/sha.js"},{"name":"tar-fs","old_version":"2.0.0","new_version":"2.1.4","repository_url":"https://github.com/mafintosh/tar-fs"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 17 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [browserstack-local](https://github.com/browserstack/browserstack-local-nodejs) | `1.4.0` | `1.5.9` |\n| [express](https://github.com/expressjs/express) | `4.17.0` | `4.22.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.4` |\n| [pnpm](https://github.com/pnpm/pnpm/tree/HEAD/pnpm) | `5.14.3` | `10.28.2` |\n| [tar](https://github.com/isaacs/node-tar) | `4.4.10` | `7.5.11` |\n| [devalue](https://github.com/sveltejs/devalue) | `2.0.1` | `5.6.4` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.12.1` | `7.29.4` |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `5.2.3` |\n| [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.9.0` | `1.16.0` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.5.3` | `4.7.9` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.13.1` | `3.14.2` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.2.2` | `2.3.2` |\n| [rollup](https://github.com/rollup/rollup) | `2.35.1` | `2.80.0` |\n| [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` |\n| [tar-fs](https://github.com/mafintosh/tar-fs) | `2.0.0` | `2.1.4` |\n\nBumps the npm_and_yarn group with 1 update in the /examples/api-routes-rate-limit directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/using-preact directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-mongodb-mongoose directory: [mongoose](https://github.com/Automattic/mongoose).\nBumps the npm_and_yarn group with 1 update in the /examples/with-next-translate directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-paste-typescript directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-storybook-styled-jsx-scss directory: [next](https://github.com/vercel/next.js).\n\nUpdates `browserstack-local` from 1.4.0 to 1.5.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/releases\"\u003ebrowserstack-local's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eChanged local binary paths to support LocalBinary 7.3. Fixed folder argument.\u003c/h2\u003e\n\u003cp\u003eChanged local binary paths to support LocalBinary 7.3.\nFixed folder argument when building browserstack local arguments.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/f11c8ea6af74397e113bee17a170d2a62c8bce08\"\u003e\u003ccode\u003ef11c8ea\u003c/code\u003e\u003c/a\u003e 1.5.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/8c461a517ef8b274e28ae008d15ccc738ce8db83\"\u003e\u003ccode\u003e8c461a5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/browserstack/browserstack-local-nodejs/issues/169\"\u003e#169\u003c/a\u003e from browserstack/LOC-6480\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/ee24820b591123c5ebde347639da4b2f54841e5a\"\u003e\u003ccode\u003eee24820\u003c/code\u003e\u003c/a\u003e use writeFileSync instead of echo to clear the logfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/440aa806810347033b641a09cc24704f115e7448\"\u003e\u003ccode\u003e440aa80\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/browserstack/browserstack-local-nodejs/issues/163\"\u003e#163\u003c/a\u003e from browserstack/release_1.5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/125b8f1d3b946d23c686d38e60e365d2200992b6\"\u003e\u003ccode\u003e125b8f1\u003c/code\u003e\u003c/a\u003e 1.5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/3eeca3f1e505032c7cacc691684432c1348006d0\"\u003e\u003ccode\u003e3eeca3f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/browserstack/browserstack-local-nodejs/issues/162\"\u003e#162\u003c/a\u003e from browserstack/download_source_from_specified_host\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/17a583ae8ccddce15d48150b5bb134614913e0bf\"\u003e\u003ccode\u003e17a583a\u003c/code\u003e\u003c/a\u003e refactor into utility methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/4c0de9ded45228b163573a8a1293576bbfc2afc3\"\u003e\u003ccode\u003e4c0de9d\u003c/code\u003e\u003c/a\u003e Request download source from specified host\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/3b190ed2033a0ddaa1580d1289ef6fbc72f09842\"\u003e\u003ccode\u003e3b190ed\u003c/code\u003e\u003c/a\u003e 1.5.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/56d7b62e8a1e5b2a4eb121b3ebad0eb1e9ce976f\"\u003e\u003ccode\u003e56d7b62\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/browserstack/browserstack-local-nodejs/issues/161\"\u003e#161\u003c/a\u003e from browserstack/Change_Binary_Download_Distribution\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/compare/v1.4.0...v1.5.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~browserstack-admin\"\u003ebrowserstack-admin\u003c/a\u003e, a new releaser for browserstack-local since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `express` from 4.17.0 to 4.22.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/releases\"\u003eexpress's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.22.0\u003c/h2\u003e\n\u003ch2\u003eImportant: Security\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor: improve readability by \u003ca href=\"https://github.com/sazk07\"\u003e\u003ccode\u003e@​sazk07\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6190\"\u003eexpressjs/express#6190\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add support for Node.js@23.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6080\"\u003eexpressjs/express#6080\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMethod functions with no path should error by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5957\"\u003eexpressjs/express#5957\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: updated github actions ci workflow by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6323\"\u003eexpressjs/express#6323\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: reorder \u003ccode\u003enpm i\u003c/code\u003e steps to fix ci for older node versions by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6336\"\u003eexpressjs/express#6336\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport: ci: add node.js 24 to test matrix by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6506\"\u003eexpressjs/express#6506\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(4.x): wider range for query test skip by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6513\"\u003eexpressjs/express#6513\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse tilde notation for certain dependencies by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6905\"\u003eexpressjs/express#6905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6909\"\u003eexpressjs/express#6909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for \u003ccode\u003eqs\u003c/code\u003e by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6919\"\u003eexpressjs/express#6919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.22.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6921\"\u003eexpressjs/express#6921\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.2...4.22.0\"\u003ehttps://github.com/expressjs/express/compare/4.21.2...4.22.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd funding field (v4) by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6065\"\u003eexpressjs/express#6065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.11 by \u003ca href=\"https://github.com/blakeembrey\"\u003e\u003ccode\u003e@​blakeembrey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5956\"\u003eexpressjs/express#5956\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: bump path-to-regexp@0.1.12 by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6209\"\u003eexpressjs/express#6209\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.21.2 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6094\"\u003eexpressjs/express#6094\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.1...4.21.2\"\u003ehttps://github.com/expressjs/express/compare/4.21.1...4.21.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport a fix for CVE-2024-47764 to the 4.x branch by \u003ca href=\"https://github.com/joshbuker\"\u003e\u003ccode\u003e@​joshbuker\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6029\"\u003eexpressjs/express#6029\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.21.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6031\"\u003eexpressjs/express#6031\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.0...4.21.1\"\u003ehttps://github.com/expressjs/express/compare/4.21.0...4.21.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003e\u0026quot;back\u0026quot;\u003c/code\u003e magic string in redirects by \u003ca href=\"https://github.com/blakeembrey\"\u003e\u003ccode\u003e@​blakeembrey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5935\"\u003eexpressjs/express#5935\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efinalhandler@1.3.1 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5954\"\u003eexpressjs/express#5954\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): serve-static@1.16.2 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5951\"\u003eexpressjs/express#5951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgraded dependency qs to 6.13.0 to match qs in body-parser by \u003ca href=\"https://github.com/agadzinski93\"\u003e\u003ccode\u003e@​agadzinski93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5946\"\u003eexpressjs/express#5946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agadzinski93\"\u003e\u003ccode\u003e@​agadzinski93\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5946\"\u003eexpressjs/express#5946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/blob/4.22.0/History.md\"\u003eexpress's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.22.0 / 2025-12-01\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for dependencies\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.2 / 2024-11-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.12\n\u003cul\u003e\n\u003cli\u003eFix backtracking protection\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.11\n\u003cul\u003e\n\u003cli\u003eThrows an error on invalid path values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.1 / 2024-10-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBackported a fix for \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2024-47764\"\u003eCVE-2024-47764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.0 / 2024-09-11\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eres.location(\u0026quot;back\u0026quot;)\u003c/code\u003e and \u003ccode\u003eres.redirect(\u0026quot;back\u0026quot;)\u003c/code\u003e magic string\u003c/li\u003e\n\u003cli\u003edeps: serve-static@1.16.2\n\u003cul\u003e\n\u003cli\u003eincludes send@0.19.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: finalhandler@1.3.1\u003c/li\u003e\n\u003cli\u003edeps: qs@6.13.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.20.0 / 2024-09-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: serve-static@0.16.0\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: send@0.19.0\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: body-parser@0.6.0\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003edepth\u003c/code\u003e option to customize the depth level in the parser\u003c/li\u003e\n\u003cli\u003eIMPORTANT: The default \u003ccode\u003edepth\u003c/code\u003e level for parsing URL-encoded data is now \u003ccode\u003e32\u003c/code\u003e (previously was \u003ccode\u003eInfinity\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove link renderization in html while using \u003ccode\u003eres.redirect\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.10\n\u003cul\u003e\n\u003cli\u003eAdds support for named matching groups in the routes using a regex\u003c/li\u003e\n\u003cli\u003eAdds backtracking protection to parameters without regexes defined\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: encodeurl@~2.0.0\n\u003cul\u003e\n\u003cli\u003eRemoves encoding of \u003ccode\u003e\\\u003c/code\u003e, \u003ccode\u003e|\u003c/code\u003e, and \u003ccode\u003e^\u003c/code\u003e to align better with URL spec\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDeprecate passing \u003ccode\u003eoptions.maxAge\u003c/code\u003e and \u003ccode\u003eoptions.expires\u003c/code\u003e to \u003ccode\u003eres.clearCookie\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eWill be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.19.2 / 2024-03-25\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/49744abd1120484fe64d7bde1cd3197c32523b6e\"\u003e\u003ccode\u003e49744ab\u003c/code\u003e\u003c/a\u003e 4.22.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6921\"\u003e#6921\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/6e97452f600a3b01719fbc5517d833c7646b0bb7\"\u003e\u003ccode\u003e6e97452\u003c/code\u003e\u003c/a\u003e sec: security patch for CVE-2024-51999\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/6a23d34d652b9e69a4486d2a2a0dea54b9685fa5\"\u003e\u003ccode\u003e6a23d34\u003c/code\u003e\u003c/a\u003e deps: use tilde notation for \u003ccode\u003eqs\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6919\"\u003e#6919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/8c12cdf93b89a4628b59179e3cc0722fc517d6b3\"\u003e\u003ccode\u003e8c12cdf\u003c/code\u003e\u003c/a\u003e deps: qs@6.14.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6909\"\u003e#6909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/7fea74fcf02764580f38f2a7f1932dfa54cddd90\"\u003e\u003ccode\u003e7fea74f\u003c/code\u003e\u003c/a\u003e deps: use tilde notation for certain dependencies (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6905\"\u003e#6905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/dac7a0475a99e9dfc57b3b8e6d5bdf52813f1944\"\u003e\u003ccode\u003edac7a04\u003c/code\u003e\u003c/a\u003e chore: wider range for query test skip (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6513\"\u003e#6513\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/997919b48879bbd53171c3b4e5dd1b04ad139241\"\u003e\u003ccode\u003e997919b\u003c/code\u003e\u003c/a\u003e ci: add node.js 24 to test matrix (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6506\"\u003e#6506\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/36fb59c6c7d9dfca0b08dfeafb5b6e4a249234a1\"\u003e\u003ccode\u003e36fb59c\u003c/code\u003e\u003c/a\u003e fix(ci): reorder \u003ccode\u003enpm i\u003c/code\u003e steps to fix ci for older node versions (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6336\"\u003e#6336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/3a5edfaff06f1a2c7079b08d0635108b371eddfd\"\u003e\u003ccode\u003e3a5edfa\u003c/code\u003e\u003c/a\u003e fix(ci): updated github actions ci workflow (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6323\"\u003e#6323\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/52d978119a7af27667cce5d99ac0739dc269d818\"\u003e\u003ccode\u003e52d9781\u003c/code\u003e\u003c/a\u003e fix(test): add test for method routes without paths \u003ca href=\"https://redirect.github.com/expressjs/express/issues/5955\"\u003e#5955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/express/compare/4.17.0...4.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for express since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.0.4 to 3.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9c31b2d4e0af72a6c2d2d62c5dbc2247da669802\"\u003e\u003ccode\u003e9c31b2d\u003c/code\u003e\u003c/a\u003e update test expectations for coalesced consecutive stars\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/46fe687857cf02f6cf45469cc593b97e11b10c96\"\u003e\u003ccode\u003e46fe687\u003c/code\u003e\u003c/a\u003e coalesce consecutive non-globstar * characters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/5a9ccbda64befc5d94b965534dbea2853c92aebd\"\u003e\u003ccode\u003e5a9ccbd\u003c/code\u003e\u003c/a\u003e [meta] update publishConfig.tag to legacy-v3\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pnpm` from 5.14.3 to 10.28.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pnpm/pnpm/releases\"\u003epnpm's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epnpm 10.28.2\u003c/h2\u003e\n\u003ch2\u003ePatch Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSecurity fix: prevent path traversal in \u003ccode\u003edirectories.bin\u003c/code\u003e field.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWhen pnpm installs a \u003ccode\u003efile:\u003c/code\u003e or \u003ccode\u003egit:\u003c/code\u003e dependency, it now validates that symlinks point within the package directory. Symlinks to paths outside the package root are skipped to prevent local data from being leaked into \u003ccode\u003enode_modules\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eThis fixes a security issue where a malicious package could create symlinks to sensitive files (e.g., \u003ccode\u003e/etc/passwd\u003c/code\u003e, \u003ccode\u003e~/.ssh/id_rsa\u003c/code\u003e) and have their contents copied when the package is installed.\u003c/p\u003e\n\u003cp\u003eNote: This only affects \u003ccode\u003efile:\u003c/code\u003e and \u003ccode\u003egit:\u003c/code\u003e dependencies. Registry packages (npm) have symlinks stripped during publish and are not affected.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed optional dependencies to request full metadata from the registry to get the \u003ccode\u003elibc\u003c/code\u003e field, which is required for proper platform compatibility checks \u003ca href=\"https://redirect.github.com/pnpm/pnpm/issues/9950\"\u003e#9950\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePlatinum Sponsors\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eGold Sponsors\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pnpm/pnpm/blob/v10.28.2/pnpm/CHANGELOG.md\"\u003epnpm's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.28.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSecurity fix: prevent path traversal in \u003ccode\u003edirectories.bin\u003c/code\u003e field.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWhen pnpm installs a \u003ccode\u003efile:\u003c/code\u003e or \u003ccode\u003egit:\u003c/code\u003e dependency, it now validates that symlinks point within the package directory. Symlinks to paths outside the package root are skipped to prevent local data from being leaked into \u003ccode\u003enode_modules\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eThis fixes a security issue where a malicious package could create symlinks to sensitive files (e.g., \u003ccode\u003e/etc/passwd\u003c/code\u003e, \u003ccode\u003e~/.ssh/id_rsa\u003c/code\u003e) and have their contents copied when the package is installed.\u003c/p\u003e\n\u003cp\u003eNote: This only affects \u003ccode\u003efile:\u003c/code\u003e and \u003ccode\u003egit:\u003c/code\u003e dependencies. Registry packages (npm) have symlinks stripped during publish and are not affected.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed optional dependencies to request full metadata from the registry to get the \u003ccode\u003elibc\u003c/code\u003e field, which is required for proper platform compatibility checks \u003ca href=\"https://redirect.github.com/pnpm/pnpm/issues/9950\"\u003e#9950\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.28.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed installation of config dependencies from private registries.\u003c/p\u003e\n\u003cp\u003eAdded support for object type in \u003ccode\u003econfigDependencies\u003c/code\u003e when the tarball URL returned from package metadata differs from the computed URL \u003ca href=\"https://redirect.github.com/pnpm/pnpm/pull/10431\"\u003e#10431\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix path traversal vulnerability in binary fetcher ZIP extraction\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eValidate ZIP entry paths before extraction to prevent writing files outside target directory\u003c/li\u003e\n\u003cli\u003eValidate BinaryResolution.prefix (basename) to prevent directory escape via crafted prefix\u003c/li\u003e\n\u003cli\u003eBoth attack vectors now throw \u003ccode\u003eERR_PNPM_PATH_TRAVERSAL\u003c/code\u003e error\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport plain \u003ccode\u003ehttp://\u003c/code\u003e and \u003ccode\u003ehttps://\u003c/code\u003e URLs ending with \u003ccode\u003e.git\u003c/code\u003e as git repository dependencies.\u003c/p\u003e\n\u003cp\u003ePreviously, URLs like \u003ccode\u003ehttps://gitea.example.org/user/repo.git#commit\u003c/code\u003e were not recognized as git repositories because they lacked the \u003ccode\u003egit+\u003c/code\u003e prefix (e.g., \u003ccode\u003egit+https://\u003c/code\u003e). This caused issues when installing dependencies from self-hosted git servers like Gitea or Forgejo that don't provide tarball downloads.\u003c/p\u003e\n\u003cp\u003eChanges:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe git resolver now runs before the tarball resolver, ensuring git URLs are handled by the correct resolver\u003c/li\u003e\n\u003cli\u003eThe git resolver now recognizes plain \u003ccode\u003ehttp://\u003c/code\u003e and \u003ccode\u003ehttps://\u003c/code\u003e URLs ending in \u003ccode\u003e.git\u003c/code\u003e as git repositories\u003c/li\u003e\n\u003cli\u003eRemoved the \u003ccode\u003eisRepository\u003c/code\u003e check from the tarball resolver since it's no longer needed with the new resolver order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFixes \u003ca href=\"https://github.com/pnpm/pnpm/tree/HEAD/pnpm/issues/10468\"\u003e#10468\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003epnpm run -r\u003c/code\u003e and \u003ccode\u003epnpm run --filter\u003c/code\u003e now fail with a non-zero exit code when no packages have the specified script. Previously, this only failed when all packages were selected. Use \u003ccode\u003e--if-present\u003c/code\u003e to suppress this error \u003ca href=\"https://redirect.github.com/pnpm/pnpm/issues/6844\"\u003e#6844\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a path traversal vulnerability in tarball extraction on Windows. The path normalization was only checking for \u003ccode\u003e./\u003c/code\u003e but not \u003ccode\u003e.\\\u003c/code\u003e. Since backslashes are directory separators on Windows, malicious packages could use paths like \u003ccode\u003efoo\\..\\..\\.npmrc\u003c/code\u003e to write files outside the package directory.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWhen running \u0026quot;pnpm exec\u0026quot; from a subdirectory of a project, don't change the current working directory to the root of the project \u003ca href=\"https://redirect.github.com/pnpm/pnpm/issues/5759\"\u003e#5759\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a path traversal vulnerability in pnpm's bin linking. Bin names starting with \u003ccode\u003e@\u003c/code\u003e bypassed validation, and after scope normalization, path traversal sequences like \u003ccode\u003e../../\u003c/code\u003e remained intact.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRevert Try to avoid making network calls with preferOffline \u003ca href=\"https://redirect.github.com/pnpm/pnpm/pull/10334\"\u003e#10334\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003e--save-peer\u003c/code\u003e to write valid semver ranges to \u003ccode\u003epeerDependencies\u003c/code\u003e for protocol-based installs (e.g. \u003ccode\u003ejsr:\u003c/code\u003e) by deriving from resolved versions when available and falling back to \u003ccode\u003e*\u003c/code\u003e if none is available \u003ca href=\"https://redirect.github.com/pnpm/pnpm/issues/10417\"\u003e#10417\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDo not exclude the root workspace project, when it is explicitly selected via a filter \u003ca href=\"https://redirect.github.com/pnpm/pnpm/pull/10465\"\u003e#10465\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.28.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/89a2c4ec38735945ccc7a208221e696fae655e3f\"\u003e\u003ccode\u003e89a2c4e\u003c/code\u003e\u003c/a\u003e chore(release): 10.28.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/a484cea3f2564a80ce8c3171d433f3d8c3e714ef\"\u003e\u003ccode\u003ea484cea\u003c/code\u003e\u003c/a\u003e fix(npm-resolver): request full metadata for optional dependencies (\u003ca href=\"https://github.com/pnpm/pnpm/tree/HEAD/pnpm/issues/10455\"\u003e#10455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/c90837083c28949364627d02a47238f17eea25db\"\u003e\u003ccode\u003ec908370\u003c/code\u003e\u003c/a\u003e test: fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/0b5a56aaec74a51d796adc1828c399ad6319c5be\"\u003e\u003ccode\u003e0b5a56a\u003c/code\u003e\u003c/a\u003e chore(release): 10.28.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/916b26b63ce92e3357698aef311c2deaa8a077c8\"\u003e\u003ccode\u003e916b26b\u003c/code\u003e\u003c/a\u003e fix: prevent implicit root exclusion when user filters are provided (\u003ca href=\"https://github.com/pnpm/pnpm/tree/HEAD/pnpm/issues/10465\"\u003e#10465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/9cbba288fc49a428615db5a5d3ad8a5ef973cc71\"\u003e\u003ccode\u003e9cbba28\u003c/code\u003e\u003c/a\u003e fix(exec): preserve user execution cwd (\u003ca href=\"https://github.com/pnpm/pnpm/tree/HEAD/pnpm/issues/10445\"\u003e#10445\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/91a241e692de524a974460f69c35a309769d3045\"\u003e\u003ccode\u003e91a241e\u003c/code\u003e\u003c/a\u003e chore(release): 10.28.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/a9784fb3df170e16d9627a262cce0255cf3e41ed\"\u003e\u003ccode\u003ea9784fb\u003c/code\u003e\u003c/a\u003e revert: \u0026quot;chore: upgrade qs to 6.14.1 (\u003ca href=\"https://github.com/pnpm/pnpm/tree/HEAD/pnpm/issues/10389\"\u003e#10389\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/787ed46577c0e477f47587d2d968e8350be55f8b\"\u003e\u003ccode\u003e787ed46\u003c/code\u003e\u003c/a\u003e chore: upgrade qs to 6.14.1 (\u003ca href=\"https://github.com/pnpm/pnpm/tree/HEAD/pnpm/issues/10389\"\u003e#10389\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/6bdba72ad31e4d6b79821405e09c6bdcc93894ee\"\u003e\u003ccode\u003e6bdba72\u003c/code\u003e\u003c/a\u003e chore(release): 10.27.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pnpm/pnpm/commits/v10.28.2/pnpm\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for pnpm since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tar` from 4.4.10 to 7.5.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/node-tar/releases\"\u003etar's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.13\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-tar/compare/v6.1.12...v6.1.13\"\u003e6.1.13\u003c/a\u003e (2022-12-07)\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/cc4e0ddfe523a0bce383846a67442c637a65d486\"\u003e\u003ccode\u003ecc4e0dd\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/343\"\u003e#343\u003c/a\u003e bump minipass from 3.3.6 to 4.0.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.12\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-tar/compare/v6.1.11...v6.1.12\"\u003e6.1.12\u003c/a\u003e (2022-10-31)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/57493ee66ece50d62114e02914282fc37be3a91a\"\u003e\u003ccode\u003e57493ee\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/332\"\u003e#332\u003c/a\u003e ensuring close event is emited after stream has ended (\u003ca href=\"https://github.com/webark\"\u003e\u003ccode\u003e@​webark\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/b003c64f624332e24e19b30dc011069bb6708680\"\u003e\u003ccode\u003eb003c64\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/314\"\u003e#314\u003c/a\u003e replace deprecated String.prototype.substr() (\u003ca href=\"https://redirect.github.com/isaacs/node-tar/issues/314\"\u003e#314\u003c/a\u003e) (\u003ca href=\"https://github.com/CommanderRoot\"\u003e\u003ccode\u003e@​CommanderRoot\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukekarrys\"\u003e\u003ccode\u003e@​lukekarrys\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/f12992932f171ea248b27fad95e7d489a56d31ed\"\u003e\u003ccode\u003ef129929\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/313\"\u003e#313\u003c/a\u003e remove dead link to benchmarks (\u003ca href=\"https://redirect.github.com/isaacs/node-tar/issues/313\"\u003e#313\u003c/a\u003e) (\u003ca href=\"https://github.com/yetzt\"\u003e\u003ccode\u003e@​yetzt\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/c1faa9f44001dfb0bc7638b2850eb6058bd56a4a\"\u003e\u003ccode\u003ec1faa9f\u003c/code\u003e\u003c/a\u003e add examples/explanation of using tar.t (\u003ca href=\"https://github.com/isaacs\"\u003e\u003ccode\u003e@​isaacs\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md\"\u003etar's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e7.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003ezstd\u003c/code\u003e compression support.\u003c/li\u003e\n\u003cli\u003eConsistent TOCTOU behavior in sync t.list\u003c/li\u003e\n\u003cli\u003eOnly read from ustar block if not specified in Pax\u003c/li\u003e\n\u003cli\u003eFix sync tar.list when file size reduces while reading\u003c/li\u003e\n\u003cli\u003eSanitize absolute linkpaths properly\u003c/li\u003e\n\u003cli\u003ePrevent writing hardlink entries to the archive ahead of their\nfile target\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eonentry\u003c/code\u003e in favor of \u003ccode\u003eonReadEntry\u003c/code\u003e for clarity.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eonWriteEntry\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDRY the command definitions into a single \u003ccode\u003emakeCommand\u003c/code\u003e method,\nand update the type signatures to more appropriately infer the\nreturn type from the options and arguments provided.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate minipass to v7.1.0\u003c/li\u003e\n\u003cli\u003eUpdate the type definitions of \u003ccode\u003ewrite()\u003c/code\u003e and \u003ccode\u003eend()\u003c/code\u003e methods on\n\u003ccode\u003eUnpack\u003c/code\u003e and \u003ccode\u003eParser\u003c/code\u003e classes to be compatible with the\nNodeJS.WritableStream type in the latest versions of\n\u003ccode\u003e@types/node\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for node \u0026lt;18\u003c/li\u003e\n\u003cli\u003eRewrite in TypeScript, provide ESM and CommonJS hybrid\ninterface\u003c/li\u003e\n\u003cli\u003eAdd tree-shake friendly exports, like \u003ccode\u003eimport('tar/create')\u003c/code\u003e\nand \u003ccode\u003eimport('tar/read-entry')\u003c/code\u003e to get individual functions or\nclasses.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003echmod\u003c/code\u003e option that defaults to false, and deprecate\n\u003ccode\u003enoChmod\u003c/code\u003e. That is, reverse the default option regarding\nexplicitly setting file system modes to match tar entry\nsettings.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eprocessUmask\u003c/code\u003e option to avoid having to call\n\u003ccode\u003eprocess.umask()\u003c/code\u003e when \u003ccode\u003echmod: true\u003c/code\u003e (or \u003ccode\u003enoChmod: false\u003c/code\u003e) is\nset.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/bf776f673164215074b62749e0fe80e5834588f4\"\u003e\u003ccode\u003ebf776f6\u003c/code\u003e\u003c/a\u003e 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad\"\u003e\u003ccode\u003ef48b5fa\u003c/code\u003e\u003c/a\u003e prevent escaping symlinks with drive-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/97cff15d3539a37a4095eb3d287147d9d77c2dc3\"\u003e\u003ccode\u003e97cff15\u003c/code\u003e\u003c/a\u003e docs: more security info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1\"\u003e\u003ccode\u003e2b72abc\u003c/code\u003e\u003c/a\u003e 7.5.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f\"\u003e\u003ccode\u003e7bc755d\u003c/code\u003e\u003c/a\u003e parse root off paths before sanitizing .. parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/c8cb84629dee649feedde03f2f4ea48f2e44e778\"\u003e\u003ccode\u003ec8cb846\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/1f0c2c9006b10199cf2686f8ef43e79a1773e1aa\"\u003e\u003ccode\u003e1f0c2c9\u003c/code\u003e\u003c/a\u003e 7.5.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/fbb08518bf290733b68ca4d4135f75becf73fd75\"\u003e\u003ccode\u003efbb0851\u003c/code\u003e\u003c/a\u003e build minified version as default export\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/6b8eba0ef367ac937e703238daa6df94ae6f823f\"\u003e\u003ccode\u003e6b8eba0\u003c/code\u003e\u003c/a\u003e 7.5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384\"\u003e\u003ccode\u003e2cb1120\u003c/code\u003e\u003c/a\u003e fix(unpack): improve UnpackSync symlink error \u0026quot;into\u0026quot; path accuracy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/node-tar/compare/v4.4.10...v7.5.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~isaacs\"\u003eisaacs\u003c/a\u003e, a new releaser for tar since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `devalue` from 2.0.1 to 5.6.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/devalue/releases\"\u003edevalue's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.6.4\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: reject \u003ccode\u003e__proto__\u003c/code\u003e keys in malformed \u003ccode\u003eObject\u003c/code\u003e wrapper payloads\u003c/p\u003e\n\u003cp\u003eThis validates the \u003ccode\u003e\u0026quot;Object\u0026quot;\u003c/code\u003e parse path and throws when the wrapped value has an own \u003ccode\u003e__proto__\u003c/code\u003e key.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e40f1db1: fix: ensure sparse array indices are integers\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: disallow \u003ccode\u003e__proto__\u003c/code\u003e keys in null-prototype object parsing\u003c/p\u003e\n\u003cp\u003eThis disallows \u003ccode\u003e__proto__\u003c/code\u003e keys in the \u003ccode\u003e\u0026quot;null\u0026quot;\u003c/code\u003e parse path so null-prototype object hydration cannot carry that key through parse/unflatten.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0f04d4d: fix: Properly handle \u003ccode\u003e__proto__\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e819f1ac: fix: better encoding for sparse arrays\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1175584: fix: validate input for \u003ccode\u003eArrayBuffer\u003c/code\u003e parsing\u003c/li\u003e\n\u003cli\u003ee46afa6: fix: validate input for typed arrays\u003c/li\u003e\n\u003cli\u003e1175584: fix: more helpful errors for inputs causing stack overflows\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2161d44: fix: add hasOwn check before calling reviver\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea3d09d4: feat: expose \u003ccode\u003eDevalueError\u003c/code\u003e for \u003ccode\u003einstanceof\u003c/code\u003e checks in \u003ccode\u003ecatch\u003c/code\u003e clauses\u003c/li\u003e\n\u003cli\u003ea3d09d4: feat: add \u003ccode\u003evalue\u003c/code\u003e and \u003ccode\u003eroot\u003c/code\u003e properties in \u003ccode\u003eDevalueError\u003c/code\u003e instances\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.5.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e828fa1c: Enable support for custom reducer/reviver for \u0026quot;function\u0026quot; values\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.4.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.4.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md\"\u003edevalue's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.6.4\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: reject \u003ccode\u003e__proto__\u003c/code\u003e keys in malformed \u003ccode\u003eObject\u003c/code\u003e wrapper payloads\u003c/p\u003e\n\u003cp\u003eThis validates the \u003ccode\u003e\u0026quot;Object\u0026quot;\u003c/code\u003e parse path and throws when the wrapped value has an own \u003ccode\u003e__proto__\u003c/code\u003e key.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e40f1db1: fix: ensure sparse array indices are integers\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: disallow \u003ccode\u003e__proto__\u003c/code\u003e keys in null-prototype object parsing\u003c/p\u003e\n\u003cp\u003eThis disallows \u003ccode\u003e__proto__\u003c/code\u003e keys in the \u003ccode\u003e\u0026quot;null\u0026quot;\u003c/code\u003e parse path so null-prototype object hydration cannot carry that key through parse/unflatten.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0f04d4d: fix: Properly handle \u003ccode\u003e__proto__\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e819f1ac: fix: better encoding for sparse arrays\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1175584: fix: validate input for \u003ccode\u003eArrayBuffer\u003c/code\u003e parsing\u003c/li\u003e\n\u003cli\u003ee46afa6: fix: validate input for typed arrays\u003c/li\u003e\n\u003cli\u003e1175584: fix: more helpful errors for inputs causing stack overflows\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2161d44: fix: add hasOwn check before calling reviver\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea3d09d4: feat: expose \u003ccode\u003eDevalueError\u003c/code\u003e for \u003ccode\u003einstanceof\u003c/code\u003e checks in \u003ccode\u003ecatch\u003c/code\u003e clauses\u003c/li\u003e\n\u003cli\u003ea3d09d4: feat: add \u003ccode\u003evalue\u003c/code\u003e and \u003ccode\u003eroot\u003c/code\u003e properties in \u003ccode\u003eDevalueError\u003c/code\u003e instances\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.5.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e828fa1c: Enable support for custom reducer/reviver for \u0026quot;function\u0026quot; values\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.4.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/6cbb3f51258e01d7769e2b3d77b6ce9ed060804b\"\u003e\u003ccode\u003e6cbb3f5\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/133\"\u003e#133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/40f1db13afdd65c8e2ebd02f684276c273ef81b0\"\u003e\u003ccode\u003e40f1db1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/87c1f3ce3759765a061cfe34843ecc4b0711ba8d\"\u003e\u003ccode\u003e87c1f3c\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/a4a37d208a4d1bdd0d58c82e5644c87cab855259\"\u003e\u003ccode\u003ea4a37d2\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/132\"\u003e#132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/819f1ac7475ab37547645cfb09bf2f678a799cf0\"\u003e\u003ccode\u003e819f1ac\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/0f04d4d678eac39ad5d7a07d1956275d7874e81c\"\u003e\u003ccode\u003e0f04d4d\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/fcf4e88275f2e2e45b9ea70ffaa5247c8f55f057\"\u003e\u003ccode\u003efcf4e88\u003c/code\u003e\u003c/a\u003e fix tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/1d8a5ea5863bcd9992755ce5a3842265753cb4ab\"\u003e\u003ccode\u003e1d8a5ea\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/131\"\u003e#131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/11755849fa0634ae294a15ec0aef2f43efcad7c4\"\u003e\u003ccode\u003e1175584\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/e46afa64dd2b25aa35fb905ba5d20cea63aabbf7\"\u003e\u003ccode\u003ee46afa6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sveltejs/devalue/compare/v2.0.1...v5.6.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for devalue since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.12.1 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/cd24cc07ef6558b7f6510f9177f6393c91b0549f\"\u003e\u003ccode\u003ecd24cc0\u003c/code\u003e\u003c/a\u003e chore: Update TS 5.7 (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17053\"\u003e#17053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bn.js` from 4.11.9 to 5.2.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/indutny/bn.js/releases\"\u003ebn.js's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Buffer not using global in browser (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/260\"\u003e#260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: LE constructor for HEX (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.1.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for defined but not implemented Symbol.for (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/252\"\u003e#252\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.1.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix BN v5/v4 interoperability issue (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/249\"\u003e#249\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTemporary workaround for BN#_move (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/236\"\u003e#236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd eslintrc instead config in package.json (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/237\"\u003e#237\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBenchmark for BigInt (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd documentation for max/min (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate BN#inspect for Symbols (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/225\"\u003e#225\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of toArrayLike (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/222\"\u003e#222\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etemporary disable jumboMulTo in BN#mulTo (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/221\"\u003e#221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eoptimize toBitArray function (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/212\"\u003e#212\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix iaddn sign issue (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/216\"\u003e#216\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etravis: update node versions (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/205\"\u003e#205\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefactor buffer constructor (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/200\"\u003e#200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elib: fix for negative numbers: imuln, modrn, idivn (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/185\"\u003e#185\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebn: fix Red#imod (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/178\"\u003e#178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck unexpected high bits for invalid characters (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/173\"\u003e#173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocument support very large integers (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eonly define toBuffer if Buffer is defined (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/172\"\u003e#172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elib: better validation of string input (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/151\"\u003e#151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etests: reject decimal input in constructor (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/91\"\u003e#91\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebn: make .strip() an internal method (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/105\"\u003e#105\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elib: deprecate \u003ccode\u003e.modn()\u003c/code\u003e introduce \u003ccode\u003e.modrn()\u003c/code\u003e  (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/112\"\u003e#112\u003c/a\u003e \u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/129\"\u003e#129\u003c/a\u003e \u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/130\"\u003e#130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebn: don't accept invalid characters (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/141\"\u003e#141\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epackage: use \u003ccode\u003efiles\u003c/code\u003e insteadof \u003ccode\u003e.npmignore\u003c/code\u003e  (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/152\"\u003e#152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebn: improve allocation speed for buffers (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etoJSON to default to interoperable hex (length % 2) (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/164\"\u003e#164\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/indutny/bn.js/blob/master/CHANGELOG.md\"\u003ebn.js's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.2.3 / 2026-02-19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2 / 2025-04-25\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: imuln/muln with zero (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1 / 2022-02-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0 / 2021-02-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Buffer not using global in browser (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/260\"\u003e#260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix LE constructor for HEX (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.3 / 2020-08-14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for defined but not implemented Symbol.for (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/252\"\u003e#252\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.2 / 2020-05-20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix BN v5/v4 interoperability issue (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/249\"\u003e#249\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.1 / 2019-12-24\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTemporary workaround for BN#_move (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/236\"\u003e#236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd eslintrc instead config in package.json (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/237\"\u003e#237\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0 / 2019-12-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBenchmark for BigInt (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd documentation for max/min (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate BN#inspect for Symbols (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/225\"\u003e#225\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of toArrayLike (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/222\"\u003e#222\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etemporary disable jumboMulTo in BN#mulTo (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/221\"\u003e#221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eoptimize toBitArray function (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/212\"\u003e#212\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix iaddn sign issue (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/216\"\u003e#216\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.0.0 / 2019-07-04\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/ea6c072a951493ca99e5cd5f8da3851b90116271\"\u003e\u003ccode\u003eea6c072\u003c/code\u003e\u003c/a\u003e 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/33df26b5771e824f303a79ec6407409376baa64b\"\u003e\u003ccode\u003e33df26b\u003c/code\u003e\u003c/a\u003e fix imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/6db7c3818569423b94ebcf2bdff90fcfb9c47f6d\"\u003e\u003ccode\u003e6db7c38\u003c/code\u003e\u003c/a\u003e 5.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/c7e1a532566c83fd0297ff7669c227b824928bf4\"\u003e\u003ccode\u003ec7e1a53\u003c/code\u003e\u003c/a\u003e Fix imuln/muln with zero (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/4cc0bfa5195d54876a6b807827e582522c813019\"\u003e\u003ccode\u003e4cc0bfa\u003c/code\u003e\u003c/a\u003e docs: mention the max plain JS number argument value (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/307\"\u003e#307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/5df40f81ea8afb835b909bb7c21e0833cdeb6a30\"\u003e\u003ccode\u003e5df40f8\u003c/code\u003e\u003c/a\u003e Document \u003ccode\u003elength\u003c/code\u003e unit in \u003ccode\u003etoBuffer(...)\u003c/code\u003e input (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/299\"\u003e#299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/7078ea85082f2d14e6b315debec76b472b1d55fa\"\u003e\u003ccode\u003e7078ea8\u003c/code\u003e\u003c/a\u003e 5.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/042ab62e70418c15f189b45460709a51faf303cc\"\u003e\u003ccode\u003e042ab62\u003c/code\u003e\u003c/a\u003e Fix serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/db57519421f0c47c9f68c05fa6fc12273dcca2c2\"\u003e\u003ccode\u003edb57519\u003c/code\u003e\u003c/a\u003e Fix a few typos in readme (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/285\"\u003e#285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/4187ca213e91b41acf72be046072f2dc1f06d0de\"\u003e\u003ccode\u003e4187ca2\u003c/code\u003e\u003c/a\u003e readme: add Scout APM to new Sponsors section\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/indutny/bn.js/compare/v4.11.9...v5.2.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cipher-base` from 1.0.4 to 1.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md\"\u003ecipher-base's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.6...v1.0.7\"\u003ev1.0.7\u003c/a\u003e - 2025-09-24\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003eto-buffer\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/fd1e5eeafccbc8eaa827ee6b9b60c14608aa784f\"\u003e\u003ccode\u003efd1e5ee\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/08ba8034223a53d300b7dccf33d8f14e52379a34\"\u003e\u003ccode\u003e08ba803\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.5...v1.0.6\"\u003ev1.0.6\u003c/a\u003e - 2024-11-26\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] io.js 3.0 - Node.js 5.3 typed array support \u003ca href=\"https://github.com/browserify/cipher-base/commit/b7ddd2ac24e65cc47befc1e0eb5026422f8ab037\"\u003e\u003ccode\u003eb7ddd2a\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.4...v1.0.5\"\u003ev1.0.5\u003c/a\u003e - 2024-11-17\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Tests] standard -\u0026gt; eslint, make test dir, etc \u003ca href=\"https://github.com/browserify/cipher-base/commit/ae02fd6624c41ac4ac18077be797111d1955bc76\"\u003e\u003ccode\u003eae02fd6\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] migrate from travis to GHA \u003ca href=\"https://github.com/browserify/cipher-base/commit/66387d71461287ad9067bb1bcbfdc47403a33ee7\"\u003e\u003ccode\u003e66387d7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix package.json indentation \u003ca href=\"https://github.com/browserify/cipher-base/commit/5c02918ac58c875ed36913c2dc3e1043f4d1c99c\"\u003e\u003ccode\u003e5c02918\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] return valid values on multi-byte-wide TypedArray input \u003ca href=\"https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294\"\u003e\u003ccode\u003e8fd1364\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/88dc806806d3dc41444dbf639c87c00f82c949b3\"\u003e\u003ccode\u003e88dc806\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003enpmignore\u003c/code\u003e and \u003ccode\u003esafe-publish-latest\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/7a137d749ce7ea7ea56b9c096844b1b8ab723f61\"\u003e\u003ccode\u003e7a137d7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly apps should have lockfiles \u003ca href=\"https://github.com/browserify/cipher-base/commit/42528f291db16bf2e7d5f831ebe2ad87fd0b1f42\"\u003e\u003ccode\u003e42528f2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003einherits\u003c/code\u003e, \u003ccode\u003esafe-buffer\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/0e7a2d9a33a391e82fa9cf512d6e25cc91ab8613\"\u003e\u003ccode\u003e0e7a2d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add missing \u003ccode\u003eengines.node\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/f2dc13e47bbcf3c873db9a9e0f83e5f29d0783fe\"\u003e\u003ccode\u003ef2dc13e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/00567180c846dd3db3848c9223991c58a0d5490c\"\u003e\u003ccode\u003e0056718\u003c/code\u003e\u003c/a\u003e v1.0.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/fd1e5eeafccbc8eaa827ee6b9b60c14608aa784f\"\u003e\u003ccode\u003efd1e5ee\u003c/code\u003e\u003c/a\u003e [Refactor] use \u003ccode\u003eto-buffer\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/08ba8034223a53d300b7dccf33d8f14e52379a34\"\u003e\u003ccode\u003e08ba803\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/f5249f94611506ef35a8be4d48a3fc5ecf1fac63\"\u003e\u003ccode\u003ef5249f9\u003c/code\u003e\u003c/a\u003e v1.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/b7ddd2ac24e65cc47befc1e0eb5026422f8ab037\"\u003e\u003ccode\u003eb7ddd2a\u003c/code\u003e\u003c/a\u003e [Fix] io.js 3.0 - Node.js 5.3 typed array support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/f03cebfdad1cba1d56614c58affa303b0fa2a43e\"\u003e\u003ccode\u003ef03cebf\u003c/code\u003e\u003c/a\u003e v1.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/88dc806806d3dc41444dbf639c87c00f82c949b3\"\u003e\u003ccode\u003e88dc806\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/7a137d749ce7ea7ea56b9c096844b1b8ab723f61\"\u003e\u003ccode\u003e7a137d7\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003enpmignore\u003c/code\u003e and \u003ccode\u003esafe-publish-latest\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/5c02918ac58c875ed36913c2dc3e1043f4d1c99c\"\u003e\u003ccode\u003e5c02918\u003c/code\u003e\u003c/a\u003e [meta] fix package.json indentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294\"\u003e\u003ccode\u003e8fd1364\u003c/code\u003e\u003c/a\u003e [Fix] return valid values on multi-byte-wide TypedArray input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/crypto-browserify/cipher-base/compare/v1.0.4...v1.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ljharb\"\u003eljharb\u003c/a\u003e, a new releaser for cipher-base since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.9.0 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.9.0...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.5.3 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.gi...\n\n_Description has been truncated_","html_url":"https://github.com/Surfndez/next.js/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Surfndez%2Fnext.js/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"},{"uuid":"4447841666","node_id":"PR_kwDOGn7O-c7bnFib","number":12,"state":"closed","title":"Bump the npm_and_yarn group across 9 directories with 20 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-14T17:50:34.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-14T17:14:13.000Z","updated_at":"2026-05-14T17:50:36.000Z","time_to_close":2181,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":20,"packages":[{"name":"express","old_version":"4.17.0","new_version":"4.22.0","repository_url":"https://github.com/expressjs/express"},{"name":"minimatch","old_version":"3.0.4","new_version":"3.1.4","repository_url":"https://github.com/isaacs/minimatch"},{"name":"tar","old_version":"4.4.10","new_version":"7.5.11","repository_url":"https://github.com/isaacs/node-tar"},{"name":"devalue","old_version":"2.0.1","new_version":"5.6.4","repository_url":"https://github.com/sveltejs/devalue"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.12.1","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"bn.js","old_version":"4.11.9","new_version":"5.2.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"cipher-base","old_version":"1.0.4","new_version":"1.0.7","repository_url":"https://github.com/crypto-browserify/cipher-base"},{"name":"flatted","old_version":"3.1.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.9.0","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"handlebars","old_version":"4.7.6","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"js-yaml","old_version":"3.13.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"pbkdf2","old_version":"3.1.1","new_version":"3.1.5","repository_url":"https://github.com/browserify/pbkdf2"},{"name":"rollup","old_version":"2.35.1","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"serialize-javascript","old_version":"3.1.0","new_version":"6.0.2","repository_url":"https://github.com/yahoo/serialize-javascript"},{"name":"sha.js","old_version":"2.4.11","new_version":"2.4.12","repository_url":"https://github.com/crypto-browserify/sha.js"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 16 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [express](https://github.com/expressjs/express) | `4.17.0` | `4.22.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.4` |\n| [tar](https://github.com/isaacs/node-tar) | `4.4.10` | `7.5.11` |\n| [devalue](https://github.com/sveltejs/devalue) | `2.0.1` | `5.6.4` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.12.1` | `7.29.4` |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `5.2.3` |\n| [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.1.1` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.9.0` | `1.16.0` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.6` | `4.7.9` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.13.1` | `3.14.2` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [pbkdf2](https://github.com/browserify/pbkdf2) | `3.1.1` | `3.1.5` |\n| [rollup](https://github.com/rollup/rollup) | `2.35.1` | `2.80.0` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `3.1.0` | `6.0.2` |\n| [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` |\n\nBumps the npm_and_yarn group with 1 update in the /examples/auth-with-stytch directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/blog-with-comment directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/styled-jsx-with-csp directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/using-preact directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-aws-amplify-typescript directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-i18n-next-intl directory: [next-intl](https://github.com/amannn/next-intl).\nBumps the npm_and_yarn group with 1 update in the /examples/with-nhost-auth-realtime-graphql directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-paste-typescript directory: [next](https://github.com/vercel/next.js).\n\nUpdates `express` from 4.17.0 to 4.22.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/releases\"\u003eexpress's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.22.0\u003c/h2\u003e\n\u003ch2\u003eImportant: Security\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor: improve readability by \u003ca href=\"https://github.com/sazk07\"\u003e\u003ccode\u003e@​sazk07\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6190\"\u003eexpressjs/express#6190\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add support for Node.js@23.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6080\"\u003eexpressjs/express#6080\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMethod functions with no path should error by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5957\"\u003eexpressjs/express#5957\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: updated github actions ci workflow by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6323\"\u003eexpressjs/express#6323\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: reorder \u003ccode\u003enpm i\u003c/code\u003e steps to fix ci for older node versions by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6336\"\u003eexpressjs/express#6336\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport: ci: add node.js 24 to test matrix by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6506\"\u003eexpressjs/express#6506\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(4.x): wider range for query test skip by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6513\"\u003eexpressjs/express#6513\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse tilde notation for certain dependencies by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6905\"\u003eexpressjs/express#6905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6909\"\u003eexpressjs/express#6909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for \u003ccode\u003eqs\u003c/code\u003e by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6919\"\u003eexpressjs/express#6919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.22.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6921\"\u003eexpressjs/express#6921\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.2...4.22.0\"\u003ehttps://github.com/expressjs/express/compare/4.21.2...4.22.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd funding field (v4) by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6065\"\u003eexpressjs/express#6065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.11 by \u003ca href=\"https://github.com/blakeembrey\"\u003e\u003ccode\u003e@​blakeembrey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5956\"\u003eexpressjs/express#5956\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: bump path-to-regexp@0.1.12 by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6209\"\u003eexpressjs/express#6209\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.21.2 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6094\"\u003eexpressjs/express#6094\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.1...4.21.2\"\u003ehttps://github.com/expressjs/express/compare/4.21.1...4.21.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport a fix for CVE-2024-47764 to the 4.x branch by \u003ca href=\"https://github.com/joshbuker\"\u003e\u003ccode\u003e@​joshbuker\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6029\"\u003eexpressjs/express#6029\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.21.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6031\"\u003eexpressjs/express#6031\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.0...4.21.1\"\u003ehttps://github.com/expressjs/express/compare/4.21.0...4.21.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003e\u0026quot;back\u0026quot;\u003c/code\u003e magic string in redirects by \u003ca href=\"https://github.com/blakeembrey\"\u003e\u003ccode\u003e@​blakeembrey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5935\"\u003eexpressjs/express#5935\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efinalhandler@1.3.1 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5954\"\u003eexpressjs/express#5954\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): serve-static@1.16.2 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5951\"\u003eexpressjs/express#5951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgraded dependency qs to 6.13.0 to match qs in body-parser by \u003ca href=\"https://github.com/agadzinski93\"\u003e\u003ccode\u003e@​agadzinski93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5946\"\u003eexpressjs/express#5946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agadzinski93\"\u003e\u003ccode\u003e@​agadzinski93\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5946\"\u003eexpressjs/express#5946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/blob/4.22.0/History.md\"\u003eexpress's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.22.0 / 2025-12-01\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for dependencies\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.2 / 2024-11-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.12\n\u003cul\u003e\n\u003cli\u003eFix backtracking protection\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.11\n\u003cul\u003e\n\u003cli\u003eThrows an error on invalid path values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.1 / 2024-10-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBackported a fix for \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2024-47764\"\u003eCVE-2024-47764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.0 / 2024-09-11\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eres.location(\u0026quot;back\u0026quot;)\u003c/code\u003e and \u003ccode\u003eres.redirect(\u0026quot;back\u0026quot;)\u003c/code\u003e magic string\u003c/li\u003e\n\u003cli\u003edeps: serve-static@1.16.2\n\u003cul\u003e\n\u003cli\u003eincludes send@0.19.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: finalhandler@1.3.1\u003c/li\u003e\n\u003cli\u003edeps: qs@6.13.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.20.0 / 2024-09-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: serve-static@0.16.0\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: send@0.19.0\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: body-parser@0.6.0\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003edepth\u003c/code\u003e option to customize the depth level in the parser\u003c/li\u003e\n\u003cli\u003eIMPORTANT: The default \u003ccode\u003edepth\u003c/code\u003e level for parsing URL-encoded data is now \u003ccode\u003e32\u003c/code\u003e (previously was \u003ccode\u003eInfinity\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove link renderization in html while using \u003ccode\u003eres.redirect\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.10\n\u003cul\u003e\n\u003cli\u003eAdds support for named matching groups in the routes using a regex\u003c/li\u003e\n\u003cli\u003eAdds backtracking protection to parameters without regexes defined\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: encodeurl@~2.0.0\n\u003cul\u003e\n\u003cli\u003eRemoves encoding of \u003ccode\u003e\\\u003c/code\u003e, \u003ccode\u003e|\u003c/code\u003e, and \u003ccode\u003e^\u003c/code\u003e to align better with URL spec\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDeprecate passing \u003ccode\u003eoptions.maxAge\u003c/code\u003e and \u003ccode\u003eoptions.expires\u003c/code\u003e to \u003ccode\u003eres.clearCookie\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eWill be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.19.2 / 2024-03-25\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/49744abd1120484fe64d7bde1cd3197c32523b6e\"\u003e\u003ccode\u003e49744ab\u003c/code\u003e\u003c/a\u003e 4.22.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6921\"\u003e#6921\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/6e97452f600a3b01719fbc5517d833c7646b0bb7\"\u003e\u003ccode\u003e6e97452\u003c/code\u003e\u003c/a\u003e sec: security patch for CVE-2024-51999\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/6a23d34d652b9e69a4486d2a2a0dea54b9685fa5\"\u003e\u003ccode\u003e6a23d34\u003c/code\u003e\u003c/a\u003e deps: use tilde notation for \u003ccode\u003eqs\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6919\"\u003e#6919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/8c12cdf93b89a4628b59179e3cc0722fc517d6b3\"\u003e\u003ccode\u003e8c12cdf\u003c/code\u003e\u003c/a\u003e deps: qs@6.14.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6909\"\u003e#6909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/7fea74fcf02764580f38f2a7f1932dfa54cddd90\"\u003e\u003ccode\u003e7fea74f\u003c/code\u003e\u003c/a\u003e deps: use tilde notation for certain dependencies (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6905\"\u003e#6905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/dac7a0475a99e9dfc57b3b8e6d5bdf52813f1944\"\u003e\u003ccode\u003edac7a04\u003c/code\u003e\u003c/a\u003e chore: wider range for query test skip (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6513\"\u003e#6513\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/997919b48879bbd53171c3b4e5dd1b04ad139241\"\u003e\u003ccode\u003e997919b\u003c/code\u003e\u003c/a\u003e ci: add node.js 24 to test matrix (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6506\"\u003e#6506\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/36fb59c6c7d9dfca0b08dfeafb5b6e4a249234a1\"\u003e\u003ccode\u003e36fb59c\u003c/code\u003e\u003c/a\u003e fix(ci): reorder \u003ccode\u003enpm i\u003c/code\u003e steps to fix ci for older node versions (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6336\"\u003e#6336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/3a5edfaff06f1a2c7079b08d0635108b371eddfd\"\u003e\u003ccode\u003e3a5edfa\u003c/code\u003e\u003c/a\u003e fix(ci): updated github actions ci workflow (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6323\"\u003e#6323\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/52d978119a7af27667cce5d99ac0739dc269d818\"\u003e\u003ccode\u003e52d9781\u003c/code\u003e\u003c/a\u003e fix(test): add test for method routes without paths \u003ca href=\"https://redirect.github.com/expressjs/express/issues/5955\"\u003e#5955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/express/compare/4.17.0...4.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for express since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.0.4 to 3.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9c31b2d4e0af72a6c2d2d62c5dbc2247da669802\"\u003e\u003ccode\u003e9c31b2d\u003c/code\u003e\u003c/a\u003e update test expectations for coalesced consecutive stars\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/46fe687857cf02f6cf45469cc593b97e11b10c96\"\u003e\u003ccode\u003e46fe687\u003c/code\u003e\u003c/a\u003e coalesce consecutive non-globstar * characters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/5a9ccbda64befc5d94b965534dbea2853c92aebd\"\u003e\u003ccode\u003e5a9ccbd\u003c/code\u003e\u003c/a\u003e [meta] update publishConfig.tag to legacy-v3\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tar` from 4.4.10 to 7.5.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/node-tar/releases\"\u003etar's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.13\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-tar/compare/v6.1.12...v6.1.13\"\u003e6.1.13\u003c/a\u003e (2022-12-07)\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/cc4e0ddfe523a0bce383846a67442c637a65d486\"\u003e\u003ccode\u003ecc4e0dd\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/343\"\u003e#343\u003c/a\u003e bump minipass from 3.3.6 to 4.0.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.12\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-tar/compare/v6.1.11...v6.1.12\"\u003e6.1.12\u003c/a\u003e (2022-10-31)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/57493ee66ece50d62114e02914282fc37be3a91a\"\u003e\u003ccode\u003e57493ee\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/332\"\u003e#332\u003c/a\u003e ensuring close event is emited after stream has ended (\u003ca href=\"https://github.com/webark\"\u003e\u003ccode\u003e@​webark\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/b003c64f624332e24e19b30dc011069bb6708680\"\u003e\u003ccode\u003eb003c64\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/314\"\u003e#314\u003c/a\u003e replace deprecated String.prototype.substr() (\u003ca href=\"https://redirect.github.com/isaacs/node-tar/issues/314\"\u003e#314\u003c/a\u003e) (\u003ca href=\"https://github.com/CommanderRoot\"\u003e\u003ccode\u003e@​CommanderRoot\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukekarrys\"\u003e\u003ccode\u003e@​lukekarrys\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/f12992932f171ea248b27fad95e7d489a56d31ed\"\u003e\u003ccode\u003ef129929\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/313\"\u003e#313\u003c/a\u003e remove dead link to benchmarks (\u003ca href=\"https://redirect.github.com/isaacs/node-tar/issues/313\"\u003e#313\u003c/a\u003e) (\u003ca href=\"https://github.com/yetzt\"\u003e\u003ccode\u003e@​yetzt\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/c1faa9f44001dfb0bc7638b2850eb6058bd56a4a\"\u003e\u003ccode\u003ec1faa9f\u003c/code\u003e\u003c/a\u003e add examples/explanation of using tar.t (\u003ca href=\"https://github.com/isaacs\"\u003e\u003ccode\u003e@​isaacs\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md\"\u003etar's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e7.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003ezstd\u003c/code\u003e compression support.\u003c/li\u003e\n\u003cli\u003eConsistent TOCTOU behavior in sync t.list\u003c/li\u003e\n\u003cli\u003eOnly read from ustar block if not specified in Pax\u003c/li\u003e\n\u003cli\u003eFix sync tar.list when file size reduces while reading\u003c/li\u003e\n\u003cli\u003eSanitize absolute linkpaths properly\u003c/li\u003e\n\u003cli\u003ePrevent writing hardlink entries to the archive ahead of their\nfile target\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eonentry\u003c/code\u003e in favor of \u003ccode\u003eonReadEntry\u003c/code\u003e for clarity.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eonWriteEntry\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDRY the command definitions into a single \u003ccode\u003emakeCommand\u003c/code\u003e method,\nand update the type signatures to more appropriately infer the\nreturn type from the options and arguments provided.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate minipass to v7.1.0\u003c/li\u003e\n\u003cli\u003eUpdate the type definitions of \u003ccode\u003ewrite()\u003c/code\u003e and \u003ccode\u003eend()\u003c/code\u003e methods on\n\u003ccode\u003eUnpack\u003c/code\u003e and \u003ccode\u003eParser\u003c/code\u003e classes to be compatible with the\nNodeJS.WritableStream type in the latest versions of\n\u003ccode\u003e@types/node\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for node \u0026lt;18\u003c/li\u003e\n\u003cli\u003eRewrite in TypeScript, provide ESM and CommonJS hybrid\ninterface\u003c/li\u003e\n\u003cli\u003eAdd tree-shake friendly exports, like \u003ccode\u003eimport('tar/create')\u003c/code\u003e\nand \u003ccode\u003eimport('tar/read-entry')\u003c/code\u003e to get individual functions or\nclasses.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003echmod\u003c/code\u003e option that defaults to false, and deprecate\n\u003ccode\u003enoChmod\u003c/code\u003e. That is, reverse the default option regarding\nexplicitly setting file system modes to match tar entry\nsettings.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eprocessUmask\u003c/code\u003e option to avoid having to call\n\u003ccode\u003eprocess.umask()\u003c/code\u003e when \u003ccode\u003echmod: true\u003c/code\u003e (or \u003ccode\u003enoChmod: false\u003c/code\u003e) is\nset.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/bf776f673164215074b62749e0fe80e5834588f4\"\u003e\u003ccode\u003ebf776f6\u003c/code\u003e\u003c/a\u003e 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad\"\u003e\u003ccode\u003ef48b5fa\u003c/code\u003e\u003c/a\u003e prevent escaping symlinks with drive-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/97cff15d3539a37a4095eb3d287147d9d77c2dc3\"\u003e\u003ccode\u003e97cff15\u003c/code\u003e\u003c/a\u003e docs: more security info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1\"\u003e\u003ccode\u003e2b72abc\u003c/code\u003e\u003c/a\u003e 7.5.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f\"\u003e\u003ccode\u003e7bc755d\u003c/code\u003e\u003c/a\u003e parse root off paths before sanitizing .. parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/c8cb84629dee649feedde03f2f4ea48f2e44e778\"\u003e\u003ccode\u003ec8cb846\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/1f0c2c9006b10199cf2686f8ef43e79a1773e1aa\"\u003e\u003ccode\u003e1f0c2c9\u003c/code\u003e\u003c/a\u003e 7.5.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/fbb08518bf290733b68ca4d4135f75becf73fd75\"\u003e\u003ccode\u003efbb0851\u003c/code\u003e\u003c/a\u003e build minified version as default export\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/6b8eba0ef367ac937e703238daa6df94ae6f823f\"\u003e\u003ccode\u003e6b8eba0\u003c/code\u003e\u003c/a\u003e 7.5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384\"\u003e\u003ccode\u003e2cb1120\u003c/code\u003e\u003c/a\u003e fix(unpack): improve UnpackSync symlink error \u0026quot;into\u0026quot; path accuracy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/node-tar/compare/v4.4.10...v7.5.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~isaacs\"\u003eisaacs\u003c/a\u003e, a new releaser for tar since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `devalue` from 2.0.1 to 5.6.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/devalue/releases\"\u003edevalue's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.6.4\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: reject \u003ccode\u003e__proto__\u003c/code\u003e keys in malformed \u003ccode\u003eObject\u003c/code\u003e wrapper payloads\u003c/p\u003e\n\u003cp\u003eThis validates the \u003ccode\u003e\u0026quot;Object\u0026quot;\u003c/code\u003e parse path and throws when the wrapped value has an own \u003ccode\u003e__proto__\u003c/code\u003e key.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e40f1db1: fix: ensure sparse array indices are integers\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: disallow \u003ccode\u003e__proto__\u003c/code\u003e keys in null-prototype object parsing\u003c/p\u003e\n\u003cp\u003eThis disallows \u003ccode\u003e__proto__\u003c/code\u003e keys in the \u003ccode\u003e\u0026quot;null\u0026quot;\u003c/code\u003e parse path so null-prototype object hydration cannot carry that key through parse/unflatten.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0f04d4d: fix: Properly handle \u003ccode\u003e__proto__\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e819f1ac: fix: better encoding for sparse arrays\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1175584: fix: validate input for \u003ccode\u003eArrayBuffer\u003c/code\u003e parsing\u003c/li\u003e\n\u003cli\u003ee46afa6: fix: validate input for typed arrays\u003c/li\u003e\n\u003cli\u003e1175584: fix: more helpful errors for inputs causing stack overflows\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2161d44: fix: add hasOwn check before calling reviver\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea3d09d4: feat: expose \u003ccode\u003eDevalueError\u003c/code\u003e for \u003ccode\u003einstanceof\u003c/code\u003e checks in \u003ccode\u003ecatch\u003c/code\u003e clauses\u003c/li\u003e\n\u003cli\u003ea3d09d4: feat: add \u003ccode\u003evalue\u003c/code\u003e and \u003ccode\u003eroot\u003c/code\u003e properties in \u003ccode\u003eDevalueError\u003c/code\u003e instances\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.5.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e828fa1c: Enable support for custom reducer/reviver for \u0026quot;function\u0026quot; values\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.4.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.4.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md\"\u003edevalue's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.6.4\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: reject \u003ccode\u003e__proto__\u003c/code\u003e keys in malformed \u003ccode\u003eObject\u003c/code\u003e wrapper payloads\u003c/p\u003e\n\u003cp\u003eThis validates the \u003ccode\u003e\u0026quot;Object\u0026quot;\u003c/code\u003e parse path and throws when the wrapped value has an own \u003ccode\u003e__proto__\u003c/code\u003e key.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e40f1db1: fix: ensure sparse array indices are integers\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: disallow \u003ccode\u003e__proto__\u003c/code\u003e keys in null-prototype object parsing\u003c/p\u003e\n\u003cp\u003eThis disallows \u003ccode\u003e__proto__\u003c/code\u003e keys in the \u003ccode\u003e\u0026quot;null\u0026quot;\u003c/code\u003e parse path so null-prototype object hydration cannot carry that key through parse/unflatten.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0f04d4d: fix: Properly handle \u003ccode\u003e__proto__\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e819f1ac: fix: better encoding for sparse arrays\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1175584: fix: validate input for \u003ccode\u003eArrayBuffer\u003c/code\u003e parsing\u003c/li\u003e\n\u003cli\u003ee46afa6: fix: validate input for typed arrays\u003c/li\u003e\n\u003cli\u003e1175584: fix: more helpful errors for inputs causing stack overflows\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2161d44: fix: add hasOwn check before calling reviver\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea3d09d4: feat: expose \u003ccode\u003eDevalueError\u003c/code\u003e for \u003ccode\u003einstanceof\u003c/code\u003e checks in \u003ccode\u003ecatch\u003c/code\u003e clauses\u003c/li\u003e\n\u003cli\u003ea3d09d4: feat: add \u003ccode\u003evalue\u003c/code\u003e and \u003ccode\u003eroot\u003c/code\u003e properties in \u003ccode\u003eDevalueError\u003c/code\u003e instances\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.5.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e828fa1c: Enable support for custom reducer/reviver for \u0026quot;function\u0026quot; values\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.4.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/6cbb3f51258e01d7769e2b3d77b6ce9ed060804b\"\u003e\u003ccode\u003e6cbb3f5\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/133\"\u003e#133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/40f1db13afdd65c8e2ebd02f684276c273ef81b0\"\u003e\u003ccode\u003e40f1db1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/87c1f3ce3759765a061cfe34843ecc4b0711ba8d\"\u003e\u003ccode\u003e87c1f3c\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/a4a37d208a4d1bdd0d58c82e5644c87cab855259\"\u003e\u003ccode\u003ea4a37d2\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/132\"\u003e#132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/819f1ac7475ab37547645cfb09bf2f678a799cf0\"\u003e\u003ccode\u003e819f1ac\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/0f04d4d678eac39ad5d7a07d1956275d7874e81c\"\u003e\u003ccode\u003e0f04d4d\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/fcf4e88275f2e2e45b9ea70ffaa5247c8f55f057\"\u003e\u003ccode\u003efcf4e88\u003c/code\u003e\u003c/a\u003e fix tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/1d8a5ea5863bcd9992755ce5a3842265753cb4ab\"\u003e\u003ccode\u003e1d8a5ea\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/131\"\u003e#131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/11755849fa0634ae294a15ec0aef2f43efcad7c4\"\u003e\u003ccode\u003e1175584\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/e46afa64dd2b25aa35fb905ba5d20cea63aabbf7\"\u003e\u003ccode\u003ee46afa6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sveltejs/devalue/compare/v2.0.1...v5.6.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for devalue since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.12.1 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/cd24cc07ef6558b7f6510f9177f6393c91b0549f\"\u003e\u003ccode\u003ecd24cc0\u003c/code\u003e\u003c/a\u003e chore: Update TS 5.7 (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17053\"\u003e#17053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bn.js` from 4.11.9 to 5.2.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/indutny/bn.js/releases\"\u003ebn.js's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Buffer not using global in browser (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/260\"\u003e#260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: LE constructor for HEX (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.1.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for defined but not implemented Symbol.for (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/252\"\u003e#252\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.1.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix BN v5/v4 interoperability issue (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/249\"\u003e#249\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTemporary workaround for BN#_move (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/236\"\u003e#236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd eslintrc instead config in package.json (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/237\"\u003e#237\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBenchmark for BigInt (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd documentation for max/min (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate BN#inspect for Symbols (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/225\"\u003e#225\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of toArrayLike (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/222\"\u003e#222\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etemporary disable jumboMulTo in BN#mulTo (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/221\"\u003e#221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eoptimize toBitArray function (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/212\"\u003e#212\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix iaddn sign issue (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/216\"\u003e#216\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etravis: update node versions (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/205\"\u003e#205\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefactor buffer constructor (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/200\"\u003e#200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elib: fix for negative numbers: imuln, modrn, idivn (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/185\"\u003e#185\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebn: fix Red#imod (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/178\"\u003e#178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck unexpected high bits for invalid characters (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/173\"\u003e#173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocument support very large integers (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eonly define toBuffer if Buffer is defined (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/172\"\u003e#172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elib: better validation of string input (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/151\"\u003e#151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etests: reject decimal input in constructor (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/91\"\u003e#91\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebn: make .strip() an internal method (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/105\"\u003e#105\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elib: deprecate \u003ccode\u003e.modn()\u003c/code\u003e introduce \u003ccode\u003e.modrn()\u003c/code\u003e  (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/112\"\u003e#112\u003c/a\u003e \u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/129\"\u003e#129\u003c/a\u003e \u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/130\"\u003e#130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebn: don't accept invalid characters (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/141\"\u003e#141\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epackage: use \u003ccode\u003efiles\u003c/code\u003e insteadof \u003ccode\u003e.npmignore\u003c/code\u003e  (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/152\"\u003e#152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebn: improve allocation speed for buffers (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etoJSON to default to interoperable hex (length % 2) (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/164\"\u003e#164\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/indutny/bn.js/blob/master/CHANGELOG.md\"\u003ebn.js's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.2.3 / 2026-02-19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2 / 2025-04-25\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: imuln/muln with zero (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1 / 2022-02-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0 / 2021-02-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Buffer not using global in browser (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/260\"\u003e#260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix LE constructor for HEX (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.3 / 2020-08-14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for defined but not implemented Symbol.for (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/252\"\u003e#252\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.2 / 2020-05-20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix BN v5/v4 interoperability issue (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/249\"\u003e#249\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.1 / 2019-12-24\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTemporary workaround for BN#_move (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/236\"\u003e#236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd eslintrc instead config in package.json (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/237\"\u003e#237\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0 / 2019-12-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBenchmark for BigInt (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd documentation for max/min (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate BN#inspect for Symbols (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/225\"\u003e#225\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of toArrayLike (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/222\"\u003e#222\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etemporary disable jumboMulTo in BN#mulTo (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/221\"\u003e#221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eoptimize toBitArray function (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/212\"\u003e#212\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix iaddn sign issue (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/216\"\u003e#216\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.0.0 / 2019-07-04\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/ea6c072a951493ca99e5cd5f8da3851b90116271\"\u003e\u003ccode\u003eea6c072\u003c/code\u003e\u003c/a\u003e 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/33df26b5771e824f303a79ec6407409376baa64b\"\u003e\u003ccode\u003e33df26b\u003c/code\u003e\u003c/a\u003e fix imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/6db7c3818569423b94ebcf2bdff90fcfb9c47f6d\"\u003e\u003ccode\u003e6db7c38\u003c/code\u003e\u003c/a\u003e 5.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/c7e1a532566c83fd0297ff7669c227b824928bf4\"\u003e\u003ccode\u003ec7e1a53\u003c/code\u003e\u003c/a\u003e Fix imuln/muln with zero (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/4cc0bfa5195d54876a6b807827e582522c813019\"\u003e\u003ccode\u003e4cc0bfa\u003c/code\u003e\u003c/a\u003e docs: mention the max plain JS number argument value (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/307\"\u003e#307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/5df40f81ea8afb835b909bb7c21e0833cdeb6a30\"\u003e\u003ccode\u003e5df40f8\u003c/code\u003e\u003c/a\u003e Document \u003ccode\u003elength\u003c/code\u003e unit in \u003ccode\u003etoBuffer(...)\u003c/code\u003e input (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/299\"\u003e#299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/7078ea85082f2d14e6b315debec76b472b1d55fa\"\u003e\u003ccode\u003e7078ea8\u003c/code\u003e\u003c/a\u003e 5.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/042ab62e70418c15f189b45460709a51faf303cc\"\u003e\u003ccode\u003e042ab62\u003c/code\u003e\u003c/a\u003e Fix serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/db57519421f0c47c9f68c05fa6fc12273dcca2c2\"\u003e\u003ccode\u003edb57519\u003c/code\u003e\u003c/a\u003e Fix a few typos in readme (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/285\"\u003e#285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/4187ca213e91b41acf72be046072f2dc1f06d0de\"\u003e\u003ccode\u003e4187ca2\u003c/code\u003e\u003c/a\u003e readme: add Scout APM to new Sponsors section\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/indutny/bn.js/compare/v4.11.9...v5.2.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cipher-base` from 1.0.4 to 1.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md\"\u003ecipher-base's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.6...v1.0.7\"\u003ev1.0.7\u003c/a\u003e - 2025-09-24\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003eto-buffer\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/fd1e5eeafccbc8eaa827ee6b9b60c14608aa784f\"\u003e\u003ccode\u003efd1e5ee\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/08ba8034223a53d300b7dccf33d8f14e52379a34\"\u003e\u003ccode\u003e08ba803\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.5...v1.0.6\"\u003ev1.0.6\u003c/a\u003e - 2024-11-26\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] io.js 3.0 - Node.js 5.3 typed array support \u003ca href=\"https://github.com/browserify/cipher-base/commit/b7ddd2ac24e65cc47befc1e0eb5026422f8ab037\"\u003e\u003ccode\u003eb7ddd2a\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.4...v1.0.5\"\u003ev1.0.5\u003c/a\u003e - 2024-11-17\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Tests] standard -\u0026gt; eslint, make test dir, etc \u003ca href=\"https://github.com/browserify/cipher-base/commit/ae02fd6624c41ac4ac18077be797111d1955bc76\"\u003e\u003ccode\u003eae02fd6\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] migrate from travis to GHA \u003ca href=\"https://github.com/browserify/cipher-base/commit/66387d71461287ad9067bb1bcbfdc47403a33ee7\"\u003e\u003ccode\u003e66387d7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix package.json indentation \u003ca href=\"https://github.com/browserify/cipher-base/commit/5c02918ac58c875ed36913c2dc3e1043f4d1c99c\"\u003e\u003ccode\u003e5c02918\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] return valid values on multi-byte-wide TypedArray input \u003ca href=\"https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294\"\u003e\u003ccode\u003e8fd1364\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/88dc806806d3dc41444dbf639c87c00f82c949b3\"\u003e\u003ccode\u003e88dc806\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003enpmignore\u003c/code\u003e and \u003ccode\u003esafe-publish-latest\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/7a137d749ce7ea7ea56b9c096844b1b8ab723f61\"\u003e\u003ccode\u003e7a137d7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly apps should have lockfiles \u003ca href=\"https://github.com/browserify/cipher-base/commit/42528f291db16bf2e7d5f831ebe2ad87fd0b1f42\"\u003e\u003ccode\u003e42528f2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003einherits\u003c/code\u003e, \u003ccode\u003esafe-buffer\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/0e7a2d9a33a391e82fa9cf512d6e25cc91ab8613\"\u003e\u003ccode\u003e0e7a2d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add missing \u003ccode\u003eengines.node\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/f2dc13e47bbcf3c873db9a9e0f83e5f29d0783fe\"\u003e\u003ccode\u003ef2dc13e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/00567180c846dd3db3848c9223991c58a0d5490c\"\u003e\u003ccode\u003e0056718\u003c/code\u003e\u003c/a\u003e v1.0.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/fd1e5eeafccbc8eaa827ee6b9b60c14608aa784f\"\u003e\u003ccode\u003efd1e5ee\u003c/code\u003e\u003c/a\u003e [Refactor] use \u003ccode\u003eto-buffer\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/08ba8034223a53d300b7dccf33d8f14e52379a34\"\u003e\u003ccode\u003e08ba803\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/f5249f94611506ef35a8be4d48a3fc5ecf1fac63\"\u003e\u003ccode\u003ef5249f9\u003c/code\u003e\u003c/a\u003e v1.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/b7ddd2ac24e65cc47befc1e0eb5026422f8ab037\"\u003e\u003ccode\u003eb7ddd2a\u003c/code\u003e\u003c/a\u003e [Fix] io.js 3.0 - Node.js 5.3 typed array support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/f03cebfdad1cba1d56614c58affa303b0fa2a43e\"\u003e\u003ccode\u003ef03cebf\u003c/code\u003e\u003c/a\u003e v1.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/88dc806806d3dc41444dbf639c87c00f82c949b3\"\u003e\u003ccode\u003e88dc806\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/7a137d749ce7ea7ea56b9c096844b1b8ab723f61\"\u003e\u003ccode\u003e7a137d7\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003enpmignore\u003c/code\u003e and \u003ccode\u003esafe-publish-latest\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/5c02918ac58c875ed36913c2dc3e1043f4d1c99c\"\u003e\u003ccode\u003e5c02918\u003c/code\u003e\u003c/a\u003e [meta] fix package.json indentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294\"\u003e\u003ccode\u003e8fd1364\u003c/code\u003e\u003c/a\u003e [Fix] return valid values on multi-byte-wide TypedArray input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/crypto-browserify/cipher-base/compare/v1.0.4...v1.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ljharb\"\u003eljharb\u003c/a\u003e, a new releaser for cipher-base since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.1.1 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.1.1...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.9.0 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.9.0...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.6 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776\"\u003e#1776\u003c/a\u003e) - 2954e7e\u003c/li\u003e\n\u003cli\u003eFix compiling of each block params in strict mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855\"\u003e#1855\u003c/a\u003e) - 30dbf04\u003c/li\u003e\n\u003cli\u003eFix rollup warning when importing Handlebars as ESM - 03d387b\u003c/li\u003e\n\u003cli\u003eFix bundler issue with webpack 5 (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862\"\u003e#1862\u003c/a\u003e) - c6c6bbb\u003c/li\u003e\n\u003cli\u003eUse https instead of git for mustache submodule - 88ac068\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.8\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8 - July 27th, 2023\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776\"\u003e#1776\u003c/a\u003e) - 2954e7e\u003c/li\u003e\n\u003cli\u003eFix compiling of each block params in strict mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855\"\u003e#1855\u003c/a\u003e) - 30dbf04\u003c/li\u003e\n\u003cli\u003eFix rollup warning when importing Handlebars as ESM - 03d387b\u003c/li\u003e\n\u003cli\u003eFix bundler issue with webpack 5 (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862\"\u003e#1862\u003c/a\u003e) - c6c6bbb\u003c/li\u003e\n\u003cli\u003eUse https instead of git for mustache submodule - 88ac068\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.8\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.7 - February 15th, 2021\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix weird error in integration tests - eb860c0\u003c/li\u003e\n\u003cli\u003efix: check prototype property access in strict-mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1736\"\u003e#1736\u003c/a\u003e) - b6d3de7\u003c/li\u003e\n\u003cli\u003efix: escape property names in compat mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1736\"\u003e#1736\u003c/a\u003e) - f058970\u003c/li\u003e\n\u003cli\u003erefactor: In spec tests, use expectTemplate over equals and shouldThrow (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1683\"\u003e#1683\u003c/a\u003e) - 77825f8\u003c/li\u003e\n\u003cli\u003echore: start testing on Node.js 12 and 13 - 3789a30\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e(POSSIBLY) BREAKING CHANGES:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ethe changes from version \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md#v460---january-8th-2020\"\u003e4.6.0\u003c/a\u003e now also apply\nin when using the compile-option \u0026quot;strict: true\u0026quot;. Access to prototype properties is forbidden completely by default, specific properties or methods\ncan be allowed via runtime-options. See \u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1633\"\u003e#1633\u003c/a\u003e for details. If you are using Handlebars as documented, you should not be accessing prototype properties\nfrom your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThat is why we only bump the patch version despite mentioning breaking changes.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/wycats/handlebars.js/compare/v4.7.6...v4.7.7\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb\"\u003e\u003ccode\u003edce542c\u003c/code\u003e\u003c/a\u003e v4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562\"\u003e\u003ccode\u003e8a41389\u003c/code\u003e\u003c/a\u003e Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2\"\u003e\u003ccode\u003e68d8df5\u003c/code\u003e\u003c/a\u003e Fix security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328\"\u003e\u003ccode\u003eb2a0831\u003c/code\u003e\u003c/a\u003e Fix browser tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12\"\u003e\u003ccode\u003e9f98c16\u003c/code\u003e\u003c/a\u003e Fix release script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9\"\u003e\u003ccode\u003e45443b4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Improve partial indenting performance\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e\"\u003e\u003ccode\u003e8841a5f\u003c/code\u003e\u003c/a\u003e Fix CI errors with linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709\"\u003e\u003ccode\u003ee0137c2\u003c/code\u003e\u003c/a\u003e fix: enable shell mode for spawn to resolve Windows EINVAL issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7\"\u003e\u003ccode\u003ee914d60\u003c/code\u003e\u003c/a\u003e Improve rendering performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd\"\u003e\u003ccode\u003e7de4b41\u003c/code\u003e\u003c/a\u003e Upgrade GitHub Actions checkout and setup-node on 4.x branch\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.6...v4.7.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~jaylinski\"\u003ejaylinski\u003c/a\u003e, a new releaser for handlebars since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 3.13.1 to 3.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c...\n\n_Description has been truncated_","html_url":"https://github.com/jcstein/next.js/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jcstein%2Fnext.js/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"},{"uuid":"4441970213","node_id":"PR_kwDOOeldyM7bUvF1","number":2,"state":"closed","title":"Bump the npm_and_yarn group across 1 directory with 22 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-14T04:39:27.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-13T23:56:19.000Z","updated_at":"2026-05-14T04:39:29.000Z","time_to_close":16988,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":22,"packages":[{"name":"@langchain/core","old_version":"0.3.7","new_version":"0.3.80","repository_url":"https://github.com/langchain-ai/langchainjs"},{"name":"@modelcontextprotocol/sdk","old_version":"1.9.0","new_version":"1.26.0","repository_url":"https://github.com/modelcontextprotocol/typescript-sdk"},{"name":"next","old_version":"14.2.25","new_version":"15.5.18","repository_url":"https://github.com/vercel/next.js"},{"name":"postcss","old_version":"8.4.49","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"mdast-util-to-hast","old_version":"13.2.0","new_version":"13.2.1","repository_url":"https://github.com/syntax-tree/mdast-util-to-hast"},{"name":"undici","old_version":"6.20.1","new_version":"6.25.0","repository_url":"https://github.com/nodejs/undici"},{"name":"@smithy/config-resolver","old_version":"4.0.1","new_version":"4.5.1","repository_url":"https://github.com/smithy-lang/smithy-typescript"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"axios","old_version":"1.8.1","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"yaml","old_version":"2.4.5","new_version":"2.9.0","repository_url":"https://github.com/eemeli/yaml"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"diff","old_version":"5.2.0","new_version":"5.2.2","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"fast-xml-parser","old_version":"4.4.1","new_version":"5.7.2","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"flatted","old_version":"3.3.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"glob","old_version":"10.3.10","new_version":"10.5.0","repository_url":"https://github.com/isaacs/node-glob"},{"name":"js-yaml","old_version":"4.1.0","new_version":"4.1.1","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 18 updates in the /apps/rowboat directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@langchain/core](https://github.com/langchain-ai/langchainjs) | `0.3.7` | `0.3.80` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.9.0` | `1.26.0` |\n| [next](https://github.com/vercel/next.js) | `14.2.25` | `15.5.18` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.49` | `8.5.10` |\n| [mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast) | `13.2.0` | `13.2.1` |\n| [undici](https://github.com/nodejs/undici) | `6.20.1` | `6.25.0` |\n| [@smithy/config-resolver](https://github.com/smithy-lang/smithy-typescript/tree/HEAD/packages/config-resolver) | `4.0.1` | `4.5.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [axios](https://github.com/axios/axios) | `1.8.1` | `1.16.1` |\n| [yaml](https://github.com/eemeli/yaml) | `2.4.5` | `2.9.0` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [diff](https://github.com/kpdecker/jsdiff) | `5.2.0` | `5.2.2` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.4.1` | `5.7.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [glob](https://github.com/isaacs/node-glob) | `10.3.10` | `10.5.0` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\n\nUpdates `@langchain/core` from 0.3.7 to 0.3.80\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/2954498b052b3ebc30b8ff37a11db1953f4ae0f0\"\u003e\u003ccode\u003e2954498\u003c/code\u003e\u003c/a\u003e chore(docs): Update llms.text redirect (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/9988\"\u003e#9988\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/b2f3c2354edc8e9a0386f475839b0e40a21c3cc9\"\u003e\u003ccode\u003eb2f3c23\u003c/code\u003e\u003c/a\u003e fix(docs): v0.3 redirects fix (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/9929\"\u003e#9929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/e8fbaf3131a8f5715516e50b92490941c7554abb\"\u003e\u003ccode\u003ee8fbaf3\u003c/code\u003e\u003c/a\u003e add core docs redir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/22c28eff1297cfbd1a8189bea9cdf9ad276777a5\"\u003e\u003ccode\u003e22c28ef\u003c/code\u003e\u003c/a\u003e fix(docs): Fix redirects (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/9908\"\u003e#9908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/926dc85e9c9b020a80985c38fdee026d6a2b8bde\"\u003e\u003ccode\u003e926dc85\u003c/code\u003e\u003c/a\u003e x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/dbf05fdc6577bb1e7e1b42d7b9fc293465021140\"\u003e\u003ccode\u003edbf05fd\u003c/code\u003e\u003c/a\u003e fix - sry for spam\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/6854916777fb83547fdfa734e502e379df05fcb5\"\u003e\u003ccode\u003e6854916\u003c/code\u003e\u003c/a\u003e fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/c869f64450dfc7fd1d883416d919533d1276eb6a\"\u003e\u003ccode\u003ec869f64\u003c/code\u003e\u003c/a\u003e add index\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/b29d1940d00a5debb59660812637953ffe97fb12\"\u003e\u003ccode\u003eb29d194\u003c/code\u003e\u003c/a\u003e fix output dir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/3605e971bcee5288cf02316311727aae0985d718\"\u003e\u003ccode\u003e3605e97\u003c/code\u003e\u003c/a\u003e null framework\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchainjs/compare/0.3.7...@langchain/core==0.3.80\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~hntrl\"\u003ehntrl\u003c/a\u003e, a new releaser for \u003ccode\u003e@​langchain/core\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@modelcontextprotocol/sdk` from 1.9.0 to 1.26.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"\u003e@​modelcontextprotocol/sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.26.0\u003c/h2\u003e\n\u003cp\u003eAddresses \u0026quot;Sharing server/transport instances can leak cross-client response data\u0026quot; in this GHSA \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: bump v1.25.3 for backport fixes by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1412\"\u003emodelcontextprotocol/typescript-sdk#1412\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x backport) by \u003ca href=\"https://github.com/samuv\"\u003e\u003ccode\u003e@​samuv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\"\u003emodelcontextprotocol/typescript-sdk#1382\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\"\u003e#1430\u003c/a\u003e: Client Credentials providers scopes support (backported) by \u003ca href=\"https://github.com/NSeydoux\"\u003e\u003ccode\u003e@​NSeydoux\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\"\u003emodelcontextprotocol/typescript-sdk#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.26.0 by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1479\"\u003emodelcontextprotocol/typescript-sdk#1479\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuv\"\u003e\u003ccode\u003e@​samuv\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\"\u003emodelcontextprotocol/typescript-sdk#1382\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NSeydoux\"\u003e\u003ccode\u003e@​NSeydoux\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\"\u003emodelcontextprotocol/typescript-sdk#1442\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.25.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[v1.x backport] Use correct schema for client sampling validation when tools are present by \u003ca href=\"https://github.com/olaservo\"\u003e\u003ccode\u003e@​olaservo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1407\"\u003emodelcontextprotocol/typescript-sdk#1407\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent Hono from overriding global Response object (v1.x) by \u003ca href=\"https://github.com/mattzcarey\"\u003e\u003ccode\u003e@​mattzcarey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1411\"\u003emodelcontextprotocol/typescript-sdk#1411\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.2...v1.25.3\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.2...v1.25.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.25.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: trigger workflow on v1.x branch by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1319\"\u003emodelcontextprotocol/typescript-sdk#1319\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: README badges links destinations by \u003ca href=\"https://github.com/antonpk1\"\u003e\u003ccode\u003e@​antonpk1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/907\"\u003emodelcontextprotocol/typescript-sdk#907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1365\"\u003emodelcontextprotocol/typescript-sdk#1365\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/antonpk1\"\u003e\u003ccode\u003e@​antonpk1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/907\"\u003emodelcontextprotocol/typescript-sdk#907\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.1...v1.25.2\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.1...v1.25.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.25.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003espec types - backwards compatibility changes by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1306\"\u003emodelcontextprotocol/typescript-sdk#1306\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version for patch fix by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1307\"\u003emodelcontextprotocol/typescript-sdk#1307\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.0...1.25.1\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.0...1.25.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003elist changed handlers on client constructor by \u003ca href=\"https://github.com/mattzcarey\"\u003e\u003ccode\u003e@​mattzcarey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1206\"\u003emodelcontextprotocol/typescript-sdk#1206\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRole - moved from inline to reusable type by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1221\"\u003emodelcontextprotocol/typescript-sdk#1221\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: use versioned npm tag for non-main branch releases by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1236\"\u003emodelcontextprotocol/typescript-sdk#1236\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNo automatic completion support unless needed - Revisited yet again by \u003ca href=\"https://github.com/cliffhall\"\u003e\u003ccode\u003e@​cliffhall\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1237\"\u003emodelcontextprotocol/typescript-sdk#1237\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Support updating output schema by \u003ca href=\"https://github.com/vincent0426\"\u003e\u003ccode\u003e@​vincent0426\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1048\"\u003emodelcontextprotocol/typescript-sdk#1048\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/fe9c07b465871394c7069207c86513df9c1194a4\"\u003e\u003ccode\u003efe9c07b\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.26.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/4f01e7e0708e1a85ccc7dbf39e850005f2d9ff03\"\u003e\u003ccode\u003e4f01e7e\u003c/code\u003e\u003c/a\u003e fix: add non-null assertions for optional setupServer fields in stateful test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a05be176cabeae1f933b676e3ce024bf02e2314d\"\u003e\u003ccode\u003ea05be17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/50d9fa3cd12e807e7963bcb9e1548786d3d5d941\"\u003e\u003ccode\u003e50d9fa3\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\"\u003e#1430\u003c/a\u003e: Client Credentials providers scopes support (backported) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1442\"\u003e#1442\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/aa81a66556fb4434d8a6d1b70f7ac9fc40b5d325\"\u003e\u003ccode\u003eaa81a66\u003c/code\u003e\u003c/a\u003e fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x back...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/6aba0659654e1ff0699844524595922a61e44cb9\"\u003e\u003ccode\u003e6aba065\u003c/code\u003e\u003c/a\u003e chore: bump v1.25.3 for backport fixes (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1412\"\u003e#1412\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/6e8f7e1a43a819ae230373c62b82228dafd892c6\"\u003e\u003ccode\u003e6e8f7e1\u003c/code\u003e\u003c/a\u003e fix: prevent Hono from overriding global Response object (v1.x) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1411\"\u003e#1411\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/12ae856cee6ca58499cce24e80f650e78a0c7610\"\u003e\u003ccode\u003e12ae856\u003c/code\u003e\u003c/a\u003e [v1.x backport] Use correct schema for client sampling validation when tools ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/b392f02ffcf37c088dbd114fedf25026ec3913d3\"\u003e\u003ccode\u003eb392f02\u003c/code\u003e\u003c/a\u003e fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1365\"\u003e#1365\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0c9b13484748acab9e5dc8317a7e89c06b52e37\"\u003e\u003ccode\u003ea0c9b13\u003c/code\u003e\u003c/a\u003e fix: README badges links destinations (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/907\"\u003e#907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.9.0...v1.26.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~pcarleton\"\u003epcarleton\u003c/a\u003e, a new releaser for \u003ccode\u003e@​modelcontextprotocol/sdk\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 14.2.25 to 15.5.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.18\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.16\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev15.5.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9ff92cebcaa6ba4e7463b6fd037a8510ba9b81ec\"\u003e\u003ccode\u003e9ff92ce\u003c/code\u003e\u003c/a\u003e v15.5.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/00ebe23562bd7eb32dd78730984bfadb47138bcf\"\u003e\u003ccode\u003e00ebe23\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/62c97ab0b5825e2cbc15f6b682d8286a8dd6a038\"\u003e\u003ccode\u003e62c97ab\u003c/code\u003e\u003c/a\u003e v15.5.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/423623ae38c106273085b66946ee5bf9aab77f2c\"\u003e\u003ccode\u003e423623a\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fa787399b38d9aa702118f9bd23a8315b9f0ecc6\"\u003e\u003ccode\u003efa78739\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36e62c6eb7813e42d409eb487f93b829f4ad77e8\"\u003e\u003ccode\u003e36e62c6\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93588\"\u003e#93588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36589b5db512b7704cdadd873cbe49b6dbcc9261\"\u003e\u003ccode\u003e36589b5\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93596\"\u003e#93596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ad6fd4e50e5aba20b60d283c42b89273a3167ccd\"\u003e\u003ccode\u003ead6fd4e\u003c/code\u003e\u003c/a\u003e v15.5.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/79d7dff1448483f0c8f187f98887b31019f6e494\"\u003e\u003ccode\u003e79d7dff\u003c/code\u003e\u003c/a\u003e Ignore malformed CSP nonce headers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/c4f69086cc8dcbd81b1dbc321c98ea874d90d6f8\"\u003e\u003ccode\u003ec4f6908\u003c/code\u003e\u003c/a\u003e router-server: guard upgrade proxy against absolute-url SSRF (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/77\"\u003e#77\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v14.2.25...v15.5.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.4.49 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003ePostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e during \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/1995\"\u003ehis work\u003c/a\u003e on \u003ca href=\"https://stylelint.io\"\u003eStylelint\u003c/a\u003e added \u003ccode\u003eInput#document\u003c/code\u003e in additional to \u003ccode\u003eInput#css\u003c/code\u003e.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eroot.source.input.document //=\u0026gt; \u0026quot;\u0026lt;p\u0026gt;Hello\u0026lt;/p\u0026gt;\r\n                           //    \u0026lt;style\u0026gt;\r\n                           //    p {\r\n                           //      color: green;\r\n                           //    }\r\n                           //    \u0026lt;/style\u0026gt;\u0026quot;\r\nroot.source.input.css      //=\u0026gt; \u0026quot;p {\r\n                           //      color: green;\r\n                           //    }\u0026quot;\r\n\u003cp\u003e\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eInput#document\u003c/code\u003e for sources like CSS-in-JS or HTML (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.4.49...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mdast-util-to-hast` from 13.2.0 to 13.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/syntax-tree/mdast-util-to-hast/releases\"\u003emdast-util-to-hast's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e13.2.1\u003c/h2\u003e\n\u003ch4\u003eFix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eab3a795 Fix support for spaces in class names\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eTypes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eefb5312 Refactor to use \u003ccode\u003e@import\u003c/code\u003es\u003c/li\u003e\n\u003cli\u003ea5bc210 Add declaration maps\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/syntax-tree/mdast-util-to-hast/compare/13.2.0...13.2.1\"\u003ehttps://github.com/syntax-tree/mdast-util-to-hast/compare/13.2.0...13.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/syntax-tree/mdast-util-to-hast/commit/174795b21f7757fffb54dd8d5fb4012f4751f791\"\u003e\u003ccode\u003e174795b\u003c/code\u003e\u003c/a\u003e 13.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/syntax-tree/mdast-util-to-hast/commit/3d05b3a715133df55689fe3753c2e47101315b4e\"\u003e\u003ccode\u003e3d05b3a\u003c/code\u003e\u003c/a\u003e Update Node in Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/syntax-tree/mdast-util-to-hast/commit/ab3a79570a1afbfa7efef5d4a0cd9b5caafbc5d7\"\u003e\u003ccode\u003eab3a795\u003c/code\u003e\u003c/a\u003e Fix support for spaces in class names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/syntax-tree/mdast-util-to-hast/commit/efb531231020055e0dab7b39a18d80b569d5b566\"\u003e\u003ccode\u003eefb5312\u003c/code\u003e\u003c/a\u003e Refactor to use \u003ccode\u003e@import\u003c/code\u003es\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/syntax-tree/mdast-util-to-hast/commit/a5bc210f1aa308e4c6141ac374893c9237fcd746\"\u003e\u003ccode\u003ea5bc210\u003c/code\u003e\u003c/a\u003e Add declaration maps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/syntax-tree/mdast-util-to-hast/commit/b54955d4e123b0167eac13646333c809bb8f301c\"\u003e\u003ccode\u003eb54955d\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003e.tsbuildinfo\u003c/code\u003e to \u003ccode\u003e.gitignore\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/syntax-tree/mdast-util-to-hast/compare/13.2.0...13.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 6.20.1 to 6.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v6.24.1...v6.25.0\"\u003ehttps://github.com/nodejs/undici/compare/v6.24.1...v6.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.24.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v6.24.0...v6.24.1\"\u003ehttps://github.com/nodejs/undici/compare/v6.24.0...v6.24.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v6.24.0 Security Release Notes (LTS)\u003c/h1\u003e\n\u003cp\u003eThis release backports fixes for security vulnerabilities affecting the v6 line.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v6 should upgrade to \u003cstrong\u003ev6.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNot applicable to v6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 affects \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e only.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges (v6)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e\u0026gt;= 6.0.0 \u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3420499cad88e72e04972b7bb28dd9f2ec2638ac\"\u003e\u003ccode\u003e3420499\u003c/code\u003e\u003c/a\u003e Bumped v6.25.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5029\"\u003e#5029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/d7a1e55fbe9607e8b56a10b4be129ca63d16014b\"\u003e\u003ccode\u003ed7a1e55\u003c/code\u003e\u003c/a\u003e feat: add configurable maxPayloadSize for WebSocket (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4955\"\u003e#4955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a9d1848fa18d351813e9563bb7653acf1e3c60ad\"\u003e\u003ccode\u003ea9d1848\u003c/code\u003e\u003c/a\u003e Do not mark v6.x releases as latest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/01265866974369f75f939109969097e45e72b1e1\"\u003e\u003ccode\u003e0126586\u003c/code\u003e\u003c/a\u003e Ignore local agent configuration files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c0cf656ef5e66f7372a7e57d08c6cbdd5b127e82\"\u003e\u003ccode\u003ec0cf656\u003c/code\u003e\u003c/a\u003e Bumped v6.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/f5a9f0ccbe958e7d0cfd7b63a9a8d195378ac6f6\"\u003e\u003ccode\u003ef5a9f0c\u003c/code\u003e\u003c/a\u003e Fix v6 release workflow branch targeting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/af2cb8fe01320f189394bef193c2d5b441fcfe6f\"\u003e\u003ccode\u003eaf2cb8f\u003c/code\u003e\u003c/a\u003e wqremove maxDecompressedMessageSize (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4891\"\u003e#4891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/8873c947271faf1ebc455bdc6158ecbc022ecfa9\"\u003e\u003ccode\u003e8873c94\u003c/code\u003e\u003c/a\u003e Bumped v6.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/411bd01a42e7917009bbf686f7628b99d67bbce9\"\u003e\u003ccode\u003e411bd01\u003c/code\u003e\u003c/a\u003e test(websocket): use node:assert for Node 18 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/844bf59699d778944f78a24ae819c0e8f295766e\"\u003e\u003ccode\u003e844bf59\u003c/code\u003e\u003c/a\u003e test: fix http2 lint regressions in backport\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v6.20.1...v6.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@smithy/config-resolver` from 4.0.1 to 4.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/smithy-lang/smithy-typescript/releases\"\u003e@​smithy/config-resolver's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​smithy/config-resolver\u003c/code\u003e\u003ca href=\"https://github.com/4\"\u003e\u003ccode\u003e@​4\u003c/code\u003e\u003c/a\u003e.5.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [2dc5cf6]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [1d0ff86]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​smithy/core\u003c/code\u003e\u003ca href=\"https://github.com/3\"\u003e\u003ccode\u003e@​3\u003c/code\u003e\u003c/a\u003e.24.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/smithy-lang/smithy-typescript/blob/main/packages/config-resolver/CHANGELOG.md\"\u003e@​smithy/config-resolver's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.5.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [2dc5cf6]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [1d0ff86]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​smithy/core\u003c/code\u003e\u003ca href=\"https://github.com/3\"\u003e\u003ccode\u003e@​3\u003c/code\u003e\u003c/a\u003e.24.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.5.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e540aeb4: consolidate core/retry and related cleanup\u003c/li\u003e\n\u003cli\u003e4f30af1: consolidation for core/protocols\u003c/li\u003e\n\u003cli\u003e62fed78: package consolidation for core/config\u003c/li\u003e\n\u003cli\u003ef21bf6b: consolidate packages into core/client\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0be0b36: clean up exported API surface\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [ee92b6b]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [540aeb4]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0be0b36]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [4f30af1]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [8963b91]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [fb323fb]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [9194e9f]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [7ec62a0]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [62fed78]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [cad44fc]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [545589a]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [f21bf6b]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [7fd6ac0]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​smithy/core\u003c/code\u003e\u003ca href=\"https://github.com/3\"\u003e\u003ccode\u003e@​3\u003c/code\u003e\u003c/a\u003e.24.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/commit/6b733627f88522b81d2f264a25967752d516b872\"\u003e\u003ccode\u003e6b73362\u003c/code\u003e\u003c/a\u003e Version NPM packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/commit/bf13524f10a780d7404e16686d439caf9ee871f0\"\u003e\u003ccode\u003ebf13524\u003c/code\u003e\u003c/a\u003e chore(packages): add build:types standalone script to stub packages (\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/tree/HEAD/packages/config-resolver/issues/2019\"\u003e#2019\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/commit/e1bede0f47296cdd8d93a715304979a63b51ec8c\"\u003e\u003ccode\u003ee1bede0\u003c/code\u003e\u003c/a\u003e Version NPM packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/commit/0be0b361fa588240e7c8998046385963d391030a\"\u003e\u003ccode\u003e0be0b36\u003c/code\u003e\u003c/a\u003e chore(scripts): add type symbols to api snapshot (\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/tree/HEAD/packages/config-resolver/issues/2004\"\u003e#2004\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/commit/540aeb4a66e9a7cfe14dde87a14c6557580a6974\"\u003e\u003ccode\u003e540aeb4\u003c/code\u003e\u003c/a\u003e chore(core/retry): consolidate packages (\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/tree/HEAD/packages/config-resolver/issues/2002\"\u003e#2002\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/commit/62fed781fa0fdfca43b02b7ab5031be52545e3e0\"\u003e\u003ccode\u003e62fed78\u003c/code\u003e\u003c/a\u003e chore(core/config): consolidate packages (\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/tree/HEAD/packages/config-resolver/issues/1992\"\u003e#1992\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/commit/f21bf6b04e98711aae56aa497e956a4f7c579a12\"\u003e\u003ccode\u003ef21bf6b\u003c/code\u003e\u003c/a\u003e chore(core/client): package consolidation (\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/tree/HEAD/packages/config-resolver/issues/1991\"\u003e#1991\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/commit/c077b47b045f90382003cab83b3bec14cbc1ec29\"\u003e\u003ccode\u003ec077b47\u003c/code\u003e\u003c/a\u003e Version NPM packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/commit/a5194303d19d5b5e4a7e3f08374768f3a507f800\"\u003e\u003ccode\u003ea519430\u003c/code\u003e\u003c/a\u003e Version NPM packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/commit/77e352f51cba8f14e98b55fe6527457776649f75\"\u003e\u003ccode\u003e77e352f\u003c/code\u003e\u003c/a\u003e Version NPM packages\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/smithy-lang/smithy-typescript/commits/@smithy/config-resolver@4.5.1/packages/config-resolver\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ccb8ac6d4292b7661b677fe048ba6690c877f51f\"\u003e\u003ccode\u003eccb8ac6\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c3c73c8b088defc70851843be88ccc3af08e7217\"\u003e\u003ccode\u003ec3c73c8\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.8.1 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1337d6b537afb2d3f501074c8ac4ef4308221197\"\u003e\u003ccode\u003e1337d6b\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10877\"\u003e#10877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/858a790cec06054547d0d3f941916d6fb2a4d18e\"\u003e\u003ccode\u003e858a790\u003c/code\u003e\u003c/a\u003e fix: remove all caches (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/34adfd90efc9c145488399e1cf7fa96de67080fa\"\u003e\u003ccode\u003e34adfd9\u003c/code\u003e\u003c/a\u003e revert: \u0026quot;fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/847d89b43654405d9a231e0b669832c2092b621f\"\u003e\u003ccode\u003e847d89b\u003c/code\u003e\u003c/a\u003e fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/40948863677bb793bfff0293cce7e7b4f8a1b212\"\u003e\u003ccode\u003e4094886\u003c/code\u003e\u003c/a\u003e fix(progress): guard malformed XHR upload events (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/44f0c5bf73c45df6009365141faa394d73596bd7\"\u003e\u003ccode\u003e44f0c5b\u003c/code\u003e\u003c/a\u003e chore: change sponsorship link and add Twicsy advertisement (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/64e1095efedc64c9fecf5176bd9cf2e5e93140d6\"\u003e\u003ccode\u003e64e1095\u003c/code\u003e\u003c/a\u003e chore: update PR and issue template to use h2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10865\"\u003e#10865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/3e6b4e1f311b43aa1dc77d78150a601d9fe4b280\"\u003e\u003ccode\u003e3e6b4e1\u003c/code\u003e\u003c/a\u003e fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/c4453bab70f53575175903aee60810c821f72129\"\u003e\u003ccode\u003ec4453ba\u003c/code\u003e\u003c/a\u003e fix: add t...\n\n_Description has been truncated_","html_url":"https://github.com/HarleyCoops/rowboat/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/HarleyCoops%2Frowboat/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"},{"uuid":"4437096936","node_id":"PR_kwDOQ1tNM87bEwVq","number":15,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 2 directories with 22 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-22T10:42:06.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-13T10:33:31.000Z","updated_at":"2026-05-22T10:42:08.000Z","time_to_close":778115,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":22,"packages":[{"name":"simple-git","old_version":"3.28.0","new_version":"3.36.0","repository_url":"https://github.com/steveukx/git-js"},{"name":"tar","old_version":"7.5.2","new_version":"7.5.11","repository_url":"https://github.com/isaacs/node-tar"},{"name":"uuid","old_version":"13.0.0","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"@modelcontextprotocol/sdk","old_version":"1.23.0","new_version":"1.29.0","repository_url":"https://github.com/modelcontextprotocol/typescript-sdk"},{"name":"diff","old_version":"7.0.0","new_version":"9.0.0","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"undici","old_version":"7.15.0","new_version":"7.25.0","repository_url":"https://github.com/nodejs/undici"},{"name":"ajv","old_version":"8.17.1","new_version":"8.18.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"picomatch","old_version":"4.0.3","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"@isaacs/brace-expansion","old_version":"5.0.0","new_version":"5.0.1"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"fast-xml-parser","old_version":"4.5.3","new_version":"5.8.0","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"jws","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"rollup","old_version":"4.53.2","new_version":"4.60.3","repository_url":"https://github.com/rollup/rollup"},{"name":"vite","old_version":"7.2.2","new_version":"7.3.3","repository_url":"https://github.com/vitejs/vite"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 18 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.36.0` |\n| [tar](https://github.com/isaacs/node-tar) | `7.5.2` | `7.5.11` |\n| [uuid](https://github.com/uuidjs/uuid) | `13.0.0` | `14.0.0` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.23.0` | `1.29.0` |\n| [diff](https://github.com/kpdecker/jsdiff) | `7.0.0` | `9.0.0` |\n| [undici](https://github.com/nodejs/undici) | `7.15.0` | `7.25.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.18.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| @isaacs/brace-expansion | `5.0.0` | `5.0.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.5.3` | `5.8.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [rollup](https://github.com/rollup/rollup) | `4.53.2` | `4.60.3` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.2.2` | `7.3.3` |\n\nBumps the npm_and_yarn group with 2 updates in the /packages/core directory: [uuid](https://github.com/uuidjs/uuid) and [diff](https://github.com/kpdecker/jsdiff).\n\nUpdates `simple-git` from 3.28.0 to 3.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/releases\"\u003esimple-git's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esimple-git@3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.33.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea263635: Use \u003ccode\u003epathspec\u003c/code\u003e wrappers for remote and local paths when running either \u003ccode\u003egit.clone\u003c/code\u003e or \u003ccode\u003egit.mirror\u003c/code\u003e to\navoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ee253a0d: Enhanced \u003ccode\u003egit -c\u003c/code\u003e checks in \u003ccode\u003eunsafe\u003c/code\u003e plugin.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/JohannesLks\"\u003e\u003ccode\u003e@​JohannesLks\u003c/code\u003e\u003c/a\u003e for identifying the issue\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.32.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ef704208: Enhanced \u003ccode\u003eprotocol.allow\u003c/code\u003e checks in \u003ccode\u003eallowUnsafeExtProtocol\u003c/code\u003e handling.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md\"\u003esimple-git's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e3d8708b: Updating publish config\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [3d8708b]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.34.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/7dc1a532a9ec92fb08c93202954be73175b07d83\"\u003e\u003ccode\u003e7dc1a53\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/76f5376bd418cb8baf5ec32757af442d47128e22\"\u003e\u003ccode\u003e76f5376\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1061\"\u003e#1061\u003c/a\u003e from Vinzent03/fix/buffer-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/89a2294febed5dfe737c4c735d936bb6018746a8\"\u003e\u003ccode\u003e89a2294\u003c/code\u003e\u003c/a\u003e Environment Parsing (\u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1156\"\u003e#1156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/1b91b762f047777ca6686f34ac3f7b8a543a4780\"\u003e\u003ccode\u003e1b91b76\u003c/code\u003e\u003c/a\u003e fix: remove explicit node:buffer import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/e390685960a3461875dce89d87ab80e3143d79fe\"\u003e\u003ccode\u003ee390685\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/3c9e4b8309667d0cb4102cda770f92075fc781dd\"\u003e\u003ccode\u003e3c9e4b8\u003c/code\u003e\u003c/a\u003e Pin version of \u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/94ee21fd5a2a6182fbf0f218a5efca2057b567cd\"\u003e\u003ccode\u003e94ee21f\u003c/code\u003e\u003c/a\u003e Export \u003ccode\u003epathspec\u003c/code\u003e types through \u003ccode\u003esimple-git\u003c/code\u003e for backward compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/6d7cb5174273aa33d131172d3770cb386e795171\"\u003e\u003ccode\u003e6d7cb51\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/0de400e7b014a48113acf673b3409a95b9c87a15\"\u003e\u003ccode\u003e0de400e\u003c/code\u003e\u003c/a\u003e Switch to semver from workspace revisions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/2264722abcb637042dd4cc50d903d69e4ee14b38\"\u003e\u003ccode\u003e2264722\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/steveukx/git-js/commits/simple-git@3.36.0/simple-git\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for simple-git since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tar` from 7.5.2 to 7.5.11\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/bf776f673164215074b62749e0fe80e5834588f4\"\u003e\u003ccode\u003ebf776f6\u003c/code\u003e\u003c/a\u003e 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad\"\u003e\u003ccode\u003ef48b5fa\u003c/code\u003e\u003c/a\u003e prevent escaping symlinks with drive-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/97cff15d3539a37a4095eb3d287147d9d77c2dc3\"\u003e\u003ccode\u003e97cff15\u003c/code\u003e\u003c/a\u003e docs: more security info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1\"\u003e\u003ccode\u003e2b72abc\u003c/code\u003e\u003c/a\u003e 7.5.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f\"\u003e\u003ccode\u003e7bc755d\u003c/code\u003e\u003c/a\u003e parse root off paths before sanitizing .. parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/c8cb84629dee649feedde03f2f4ea48f2e44e778\"\u003e\u003ccode\u003ec8cb846\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/1f0c2c9006b10199cf2686f8ef43e79a1773e1aa\"\u003e\u003ccode\u003e1f0c2c9\u003c/code\u003e\u003c/a\u003e 7.5.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/fbb08518bf290733b68ca4d4135f75becf73fd75\"\u003e\u003ccode\u003efbb0851\u003c/code\u003e\u003c/a\u003e build minified version as default export\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/6b8eba0ef367ac937e703238daa6df94ae6f823f\"\u003e\u003ccode\u003e6b8eba0\u003c/code\u003e\u003c/a\u003e 7.5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384\"\u003e\u003ccode\u003e2cb1120\u003c/code\u003e\u003c/a\u003e fix(unpack): improve UnpackSync symlink error \u0026quot;into\u0026quot; path accuracy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/node-tar/compare/v7.5.2...v7.5.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~isaacs\"\u003eisaacs\u003c/a\u003e, a new releaser for tar since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 13.0.0 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@modelcontextprotocol/sdk` from 1.23.0 to 1.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"\u003e@​modelcontextprotocol/sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.29.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1749\"\u003emodelcontextprotocol/typescript-sdk#1749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: disallow null (infinite) requested TTL by \u003ca href=\"https://github.com/LucaButBoring\"\u003e\u003ccode\u003e@​LucaButBoring\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1339\"\u003emodelcontextprotocol/typescript-sdk#1339\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: add missing size field to ResourceSchema by \u003ca href=\"https://github.com/olaservo\"\u003e\u003ccode\u003e@​olaservo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1575\"\u003emodelcontextprotocol/typescript-sdk#1575\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd typings exports by \u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x npm audit fix by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1780\"\u003emodelcontextprotocol/typescript-sdk#1780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1773\"\u003emodelcontextprotocol/typescript-sdk#1773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Allow servers / clients to advertise extensions in the capability object by \u003ca href=\"https://github.com/localden\"\u003e\u003ccode\u003e@​localden\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1811\"\u003emodelcontextprotocol/typescript-sdk#1811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(stdio): always set windowsHide on Windows, not just in Electron by \u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.29.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1820\"\u003emodelcontextprotocol/typescript-sdk#1820\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.28.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: use scopes_supported from resource metadata by default (fixes \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/580\"\u003e#580\u003c/a\u003e) by \u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1611\"\u003emodelcontextprotocol/typescript-sdk#1611\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: reject plain JSON Schema objects passed as inputSchema by \u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: clear _timeoutInfo in _onclose() and scope .finally() abort controller cleanup by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1462\"\u003emodelcontextprotocol/typescript-sdk#1462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(server/auth): RFC 8252 loopback port relaxation by \u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.28.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1746\"\u003emodelcontextprotocol/typescript-sdk#1746\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: implement auth/pre-registration conformance scenario by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1545\"\u003emodelcontextprotocol/typescript-sdk#1545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add governance documentation for SEP-1730 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1547\"\u003emodelcontextprotocol/typescript-sdk#1547\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: comprehensive feature documentation for SEP-1730 Tier 1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1548\"\u003emodelcontextprotocol/typescript-sdk#1548\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent command injection in example URL opening (v1.x backport) by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1579\"\u003emodelcontextprotocol/typescript-sdk#1579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: call onerror for silently swallowed transport errors by \u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.27.1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1581\"\u003emodelcontextprotocol/typescript-sdk#1581\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/e12cbd7078db388152f6e839abdbe09ba01f3f32\"\u003e\u003ccode\u003ee12cbd7\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.29.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/3913fd4443a86536155e3ebef9edd2045c372c1e\"\u003e\u003ccode\u003e3913fd4\u003c/code\u003e\u003c/a\u003e fix(stdio): always set windowsHide on Windows, not just in Electron (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1640\"\u003e#1640\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/5608e78dd0d4ca6cd7dd03278419578f1780365a\"\u003e\u003ccode\u003e5608e78\u003c/code\u003e\u003c/a\u003e [v1.x backport] Allow servers / clients to advertise extensions in the capabi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/7213816788e634ffb9d09affe50f0295093bfb73\"\u003e\u003ccode\u003e7213816\u003c/code\u003e\u003c/a\u003e v1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1773\"\u003e#1773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/364f38ca2d8895aed7c37b7a0a1031bb7ae4841c\"\u003e\u003ccode\u003e364f38c\u003c/code\u003e\u003c/a\u003e v1.x npm audit fix (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/c95cc0943b045517e4cc414baf1f168b216c3142\"\u003e\u003ccode\u003ec95cc09\u003c/code\u003e\u003c/a\u003e Add typings exports (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/ddadaa6cc633fb5db0c094bf031b15b68a357820\"\u003e\u003ccode\u003eddadaa6\u003c/code\u003e\u003c/a\u003e [v1.x] fix: add missing size field to ResourceSchema (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/2a158513028d9f862c4188b6957e78cd5663f26b\"\u003e\u003ccode\u003e2a15851\u003c/code\u003e\u003c/a\u003e [v1.x] fix: disallow null (infinite) requested TTL (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1339\"\u003e#1339\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/13e30f1d36de8442417fec695983bdb155c00768\"\u003e\u003ccode\u003e13e30f1\u003c/code\u003e\u003c/a\u003e fix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1749\"\u003e#1749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0565695218544fc53e99bf5b544a887d373cefa\"\u003e\u003ccode\u003ea056569\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.28.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1746\"\u003e#1746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.23.0...v1.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `diff` from 7.0.0 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.0\u003c/h2\u003e\n\u003cp\u003e(All changes part of PR \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/672\"\u003e#672\u003c/a\u003e.)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eES5 support is dropped\u003c/strong\u003e. \u003ccode\u003eparsePatch\u003c/code\u003e now uses \u003ccode\u003eTextDecoder\u003c/code\u003e and \u003ccode\u003eUint8Array\u003c/code\u003e, which are not available in ES5, and TypeScript is now compiled with the \u0026quot;es6\u0026quot; \u003ccode\u003etarget\u003c/code\u003e. From now on, I intend to freely use any features that are deemed \u0026quot;Widely available\u0026quot; by \u003ca href=\"https://web.dev/baseline\"\u003eBaseline\u003c/a\u003e. Users who need ES5 support should stick to version 8.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eC-style quoted strings in filename headers are now properly supported\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eWhen the name of either the old or new file in a patch contains \u0026quot;special characters\u0026quot;, both GNU \u003ccode\u003ediff\u003c/code\u003e and Git quote the filename in the patch's headers and escape special characters using the same escape sequences that are used in string literals in C, including octal escapes for all non-ASCII characters. Previously, jsdiff had very little support for this; \u003ccode\u003eparsePatch\u003c/code\u003e would remove the quotes, and unescape any escaped backslashes, but would not unescape other escape sequences. \u003ccode\u003eformatPatch\u003c/code\u003e, meanwhile, did not quote or escape special characters at all.\u003c/p\u003e\n\u003cp\u003eNow, \u003ccode\u003eparsePatch\u003c/code\u003e parses all the possible escape sequences that GNU diff (or Git) ever output, and \u003ccode\u003eformatPatch\u003c/code\u003e quotes and escapes filenames containing special characters in the same way GNU diff does.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now omits file headers when \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e in the provided patch object are \u003ccode\u003eundefined\u003c/code\u003e\u003c/strong\u003e, regardless of the \u003ccode\u003eheaderOptions\u003c/code\u003e parameter. (Previously, it would treat the absence of \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e as indicating the filename was the word \u0026quot;undefined\u0026quot; and emit headers \u003ccode\u003e--- undefined\u003c/code\u003e / \u003ccode\u003e+++ undefined\u003c/code\u003e.)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer outputs trailing tab characters at the end of \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e headers.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePreviously, if \u003ccode\u003eformatPatch\u003c/code\u003e was passed a patch object to serialize that had empty strings for the \u003ccode\u003eoldHeader\u003c/code\u003e or \u003ccode\u003enewHeader\u003c/code\u003e property, it would include a trailing tab character after the filename in the \u003ccode\u003e---\u003c/code\u003e and/or \u003ccode\u003e+++\u003c/code\u003e file header. Now, this scenario is treated the same as when \u003ccode\u003eoldHeader\u003c/code\u003e/\u003ccode\u003enewHeader\u003c/code\u003e is \u003ccode\u003eundefined\u003c/code\u003e - i.e. the trailing tab is omitted.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer mutates its input\u003c/strong\u003e when serializing a patch containing a hunk where either the old or new content contained zero lines. (Such a hunk occurs only when the hunk has no context lines and represents a pure insertion or pure deletion, which for instance will occur whenever one of the two files being diffed is completely empty.) Previously \u003ccode\u003eformatPatch\u003c/code\u003e would provide the correct output but also mutate the \u003ccode\u003eoldLines\u003c/code\u003e or \u003ccode\u003enewLines\u003c/code\u003e property on the hunk, changing the meaning of the underlying patch.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eGit-style patches are now supported by \u003ccode\u003eparsePatch\u003c/code\u003e, \u003ccode\u003eformatPatch\u003c/code\u003e, and \u003ccode\u003ereversePatch\u003c/code\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003ePatches output by \u003ccode\u003egit diff\u003c/code\u003e can include some features that are unlike those output by GNU \u003ccode\u003ediff\u003c/code\u003e, and therefore not handled by an ordinary unified diff format parser. An ordinary diff simply describes the differences between the \u003cem\u003econtent\u003c/em\u003e of two files, but Git diffs can also indicate, via \u0026quot;extended headers\u0026quot;, the creation or deletion of (potentially empty) files, indicate that a file was renamed, and contain information about file mode changes. Furthermore, when these changes appear in a diff in the absence of a content change (e.g. when an empty file is created, or a file is renamed without content changes), the patch will contain no associated \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e file headers nor any hunks.\u003c/p\u003e\n\u003cp\u003ejsdiff previously did not support parsing Git's extended headers, nor hunkless patches. Now \u003ccode\u003eparsePatch\u003c/code\u003e parses some of the extended headers, parses hunkless Git patches, and can determine filenames (e.g. from the extended headers) when parsing a patch that includes no \u003ccode\u003e---\u003c/code\u003e or \u003ccode\u003e+++\u003c/code\u003e file headers. The additional information conveyed by the extended headers we support is recorded on new fields on the result object returned by \u003ccode\u003eparsePatch\u003c/code\u003e. See \u003ccode\u003eisGit\u003c/code\u003e and subsequent properties in the docs in the README.md file.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now outputs extended headers based on these new Git-specific properties, and \u003ccode\u003ereversePatch\u003c/code\u003e respects them as far as possible (with one unavoidable caveat noted in the README.md file).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eUnpaired file headers now cause \u003ccode\u003eparsePatch\u003c/code\u003e to throw\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eIt remains acceptable to have a patch with no file headers whatsoever (e.g. one that begins with a \u003ccode\u003e@@\u003c/code\u003e hunk header on the very first line), but a patch with \u003cem\u003eonly\u003c/em\u003e a \u003ccode\u003e---\u003c/code\u003e header or only a \u003ccode\u003e+++\u003c/code\u003e header is now considered an error.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eparsePatch\u003c/code\u003e is now more tolerant of \u0026quot;trailing garbage\u0026quot;\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThat is: after a patch, or between files/indexes in a patch, it is now acceptable to have arbitrary lines of \u0026quot;garbage\u0026quot; (so long as they unambiguously have no syntactic meaning - e.g. trailing garbage that leads with a \u003ccode\u003e+\u003c/code\u003e, \u003ccode\u003e-\u003c/code\u003e, or \u003ccode\u003e \u003c/code\u003e and thus is interpretable as part of a hunk still triggers a throw).\u003c/p\u003e\n\u003cp\u003eThis means we no longer reject patches output by tools that include extra data in \u0026quot;garbage\u0026quot; lines not understood by generic unified diff parsers. (For example, SVN patches can include \u0026quot;Property changes on:\u0026quot; lines that generic unified diff parsers should discard as garbage; jsdiff previously threw errors when encountering them.)\u003c/p\u003e\n\u003cp\u003eThis change brings jsdiff's behaviour more in line with GNU \u003ccode\u003epatch\u003c/code\u003e, which is highly permissive of \u0026quot;garbage\u0026quot;.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThe \u003ccode\u003eoldFileName\u003c/code\u003e and \u003ccode\u003enewFileName\u003c/code\u003e fields of \u003ccode\u003eStructuredPatch\u003c/code\u003e are now typed as \u003ccode\u003estring | undefined\u003c/code\u003e instead of \u003ccode\u003estring\u003c/code\u003e\u003c/strong\u003e. This type change reflects the (pre-existing) reality that \u003ccode\u003eparsePatch\u003c/code\u003e can produce patches without filenames (e.g. when parsing a patch that simply contains hunks with no file headers).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/667\"\u003e#667\u003c/a\u003e - \u003cstrong\u003efix another bug in \u003ccode\u003ediffWords\u003c/code\u003e when used with an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e\u003c/strong\u003e. If the text to be diffed included a combining mark after a whitespace character (i.e. roughly speaking, an accented space), \u003ccode\u003ediffWords\u003c/code\u003e would previously crash. Now this case is handled correctly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/631\"\u003e#631\u003c/a\u003e - \u003cstrong\u003efix support for using an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e with \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e. This has been almost completely broken since the feature was added in v6.0.0, since it would outright crash on any text that featured two consecutive newlines between a pair of words (a very common case).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/635\"\u003e#635\u003c/a\u003e - \u003cstrong\u003esmall tweaks to tokenization behaviour of \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e when used \u003cem\u003ewithout\u003c/em\u003e an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e. Specifically, the soft hyphen (U+00AD) is no longer considered to be a word break, and the multiplication and division signs (\u003ccode\u003e×\u003c/code\u003e and \u003ccode\u003e÷\u003c/code\u003e) are now treated as punctuation instead of as letters / word characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/ed13aca03aa25735fafc0645d1185e7a1c68fd8c\"\u003e\u003ccode\u003eed13aca\u003c/code\u003e\u003c/a\u003e Update version in package.json and in release notes (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/683\"\u003e#683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/7a49317b503a932b88fc72ad9c57a481df038e24\"\u003e\u003ccode\u003e7a49317\u003c/code\u003e\u003c/a\u003e Bump dependencies again (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/682\"\u003e#682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/afe5aecad189c9f5941ad3feb3c94c46b32ecb0a\"\u003e\u003ccode\u003eafe5aec\u003c/code\u003e\u003c/a\u003e Add Git support, and otherwise variously improve \u0026amp; fix parsePatch (and other ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/2e46779d8866ce7da1303a03db33ed038590c6f6\"\u003e\u003ccode\u003e2e46779\u003c/code\u003e\u003c/a\u003e Fix a typo (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/679\"\u003e#679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/dd2f99497703a1540b2ae406b51c49b74b5fc1a1\"\u003e\u003ccode\u003edd2f994\u003c/code\u003e\u003c/a\u003e 8.0.4 release (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/678\"\u003e#678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/3cc438434db53c5d1c40412b727ea7650f6f145a\"\u003e\u003ccode\u003e3cc4384\u003c/code\u003e\u003c/a\u003e Update docs on releasing to reflect migration to yarn berry (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/6fc2aa6b7672af08774b50aae00d97b99c5b5715\"\u003e\u003ccode\u003e6fc2aa6\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/af7393ac3404565dc8da655c2e7aeeed28c01ff7\"\u003e\u003ccode\u003eaf7393a\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4b5d1800370bf29b61a3378fb8086aeb231d3ef7\"\u003e\u003ccode\u003e4b5d180\u003c/code\u003e\u003c/a\u003e Fix another bug in diffWords's \u0026quot;intlSegmenter\u0026quot; mode (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/10da50c466709e7bd4b192dac96af0af46f8b7bd\"\u003e\u003ccode\u003e10da50c\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/666\"\u003e#666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/7.0.0...v9.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.15.0 to 7.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport 401 stream-backed body fix to v7.x by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5006\"\u003enodejs/undici#5006\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update broken links in file \u0026quot;Dispatcher.md\u0026quot; by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: remove unused parameter \u003ccode\u003eredirectionLimitReached\u003c/code\u003e by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4933\"\u003enodejs/undici#4933\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip flaky macOS Node 20 cookie fetch cases by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4932\"\u003enodejs/undici#4932\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): align Response with DOM fetch types by \u003ca href=\"https://github.com/theamodhshetty\"\u003e\u003ccode\u003e@​theamodhshetty\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4867\"\u003enodejs/undici#4867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): Fix clone method type declaration to be an instance method rather than instance property by \u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip IPv6 tests when IPv6 is not available by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4939\"\u003enodejs/undici#4939\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: correctly handle multi-value rawHeaders in fetch by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4938\"\u003enodejs/undici#4938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eignore AGENTS.md by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4942\"\u003enodejs/undici#4942\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(test): client wasm compatible with clang 22 by \u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mock): improve error message when intercepts are exhausted by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4912\"\u003enodejs/undici#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(websocket): support open diagnostics over h2 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4921\"\u003enodejs/undici#4921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: assume http/https scheme for scheme-less proxy env vars by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4914\"\u003enodejs/undici#4914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cache): check Authorization on request headers per RFC 9111 §3.5 by \u003ca href=\"https://github.com/metalix2\"\u003e\u003ccode\u003e@​metalix2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4911\"\u003enodejs/undici#4911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: wrap kConnector call in try/catch to prevent client hang by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify fetch and FormData pairing by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4922\"\u003enodejs/undici#4922\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: support Connection header with connection-specific header names per RFC 7230 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4775\"\u003enodejs/undici#4775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid prototype collisions in parseHeaders by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4923\"\u003enodejs/undici#4923\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump typescript from 5.9.3 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4926\"\u003enodejs/undici#4926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: auto-init WPT submodule by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4930\"\u003enodejs/undici#4930\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/12d9045923b7caebb1ae6975ef34c29dbcfd95d0\"\u003e\u003ccode\u003e12d9045\u003c/code\u003e\u003c/a\u003e Bumped v7.25.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7a6f7febb30a30748a04f38c21e3641c77d21b0e\"\u003e\u003ccode\u003e7a6f7fe\u003c/code\u003e\u003c/a\u003e Bumped v7.24.8 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5020\"\u003e#5020\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1f85ae4b27ed6401e7ccc35eb546ad2e5976121f\"\u003e\u003ccode\u003e1f85ae4\u003c/code\u003e\u003c/a\u003e fix: avoid 401 failures for stream-backed request bodies (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4941\"\u003e#4941\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5006\"\u003e#5006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c6610674dfad7c205ddf0f27831133973ad7894e\"\u003e\u003ccode\u003ec661067\u003c/code\u003e\u003c/a\u003e chore: update v7.x maintenance release flow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84f23e2a19cd0f585579c4257d801e4ec2d65dbd\"\u003e\u003ccode\u003e84f23e2\u003c/code\u003e\u003c/a\u003e Bumped v7.24.7 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4947\"\u003e#4947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a770b1033201984b9e8082a9bf955414bff5dc2e\"\u003e\u003ccode\u003ea770b10\u003c/code\u003e\u003c/a\u003e ignore AGENTS.md (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4942\"\u003e#4942\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/6acd19beaf67c1a2d07bcd38f40d0b751a81e7cc\"\u003e\u003ccode\u003e6acd19b\u003c/code\u003e\u003c/a\u003e fix: correctly handle multi-value rawHeaders in fetch (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4938\"\u003e#4938\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1da1c747c7d6e01b93ab295e0efb86623f3c8e06\"\u003e\u003ccode\u003e1da1c74\u003c/code\u003e\u003c/a\u003e test: skip IPv6 tests when IPv6 is not available (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4939\"\u003e#4939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/04cb77327f7ada95c2e5b67424cddcb22d7bf882\"\u003e\u003ccode\u003e04cb773\u003c/code\u003e\u003c/a\u003e fix(types): Fix clone method type declaration to be an instance method rather...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5145a7c47080d1715b2723591def3a75b0c3ba63\"\u003e\u003ccode\u003e5145a7c\u003c/code\u003e\u003c/a\u003e fix(types): align Response with DOM fetch types (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4867\"\u003e#4867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.15.0...v7.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.17.1 to 8.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/f06766f33ed7291f84c19f22a1286a34475fbdaf\"\u003e\u003ccode\u003ef06766f\u003c/code\u003e\u003c/a\u003e feat: allow tree-shaking by adding ``\u0026quot;sideEffects\u0026quot;: false\u003ccode\u003eto\u003c/code\u003epackage.json` ...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.3 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@isaacs/brace-expansion` from 5.0.0 to 5.0.1\n\nUpdates `qs` from 6.13.0 to 6.15.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003ethrowOnParameterLimitExceeded\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/517\"\u003e#517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: use \u003ccode\u003eutils.combine\u003c/code\u003e more\u003c/li\u003e\n\u003cli\u003e[patch] \u003ccode\u003eparse\u003c/code\u003e: add explicit \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e default\u003c/li\u003e\n\u003cli\u003e[actions] use shared action; re-add finishers\u003c/li\u003e\n\u003cli\u003e[meta] Fix changelog formatting bug\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eside-channel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003ehas-bigints\u003c/code\u003e, \u003ccode\u003ehas-proto\u003c/code\u003e, \u003ccode\u003ehas-symbols\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.3\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003e[Fix] fix regressions from robustness refactor\n[actions] update reusable workflows\u003c/p\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/c85b67f0a35897c2d3d1dd2766a3c8f1bd9b371f\"\u003e\u003ccode\u003ec85b67f\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/4dfa0f09798f79b08c9727fde391b1aa4ec8572d\"\u003e\u003ccode\u003e4dfa0f0\u003c/code\u003e\u003c/a\u003e [Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/dbb05d7bd9a86b9125dd8e1e0d3dcae62abe106b\"\u003e\u003ccode\u003edbb05d7\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/b0cfe7cc01f3f7241c1d5cb444c99c0e87b68961\"\u003e\u003ccode\u003eb0cfe7c\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/d9b4c66303375493c68c42d68e363e50b1753771\"\u003e\u003ccode\u003ed9b4c66\u003c/code\u003e\u003c/a\u003e v6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/cb41a545a32422ad3044584d3c4fa8f953552605\"\u003e\u003ccode\u003ecb41a54\u003c/code\u003e\u003c/a\u003e [New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/88e15636da953397262bd3014ab8b0d17d5c8039\"\u003e\u003ccode\u003e88e1563\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9d441d270486c3cc77f17289a9e0921c0f742aff\"\u003e\u003ccode\u003e9d441d2\u003c/code\u003e\u003c/a\u003e Merge backport release tags v6.0.6–v6.13.3 into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/85cc8cac6b444c9b4cb1172a151ac8fdee0a0301\"\u003e\u003ccode\u003e85cc8ca\u003c/code\u003e\u003c/a\u003e v6.12.5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.13.0...v6.15.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@opentelemetry/exporter-prometheus` from 0.203.0 to 0.218.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/releases\"\u003e@​opentelemetry/exporter-prometheus's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eexperimental/v0.218.0\u003c/h2\u003e\n\u003ch2\u003e0.218.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs metrics serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6629\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): show all config validation errors, if there are multiple \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6683\"\u003e#6683\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): allow startNodeSDK() without an arg \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6688\"\u003e#6688\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6691\"\u003e#6691\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(sdk-logs): use \u003ccode\u003eLogger.enabled()\u003c/code\u003e within \u003ccode\u003eLogger.emit()\u003c/code\u003e implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6680\"\u003e#6680\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.217.0\u003c/h2\u003e\n\u003ch2\u003e0.217.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs trace serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6625\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using \u003ccode\u003ejson-schema-to-typescript\u003c/code\u003e and \u003ccode\u003eajv\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6533\"\u003e#6533\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration, sdk-node): \u003ccode\u003estartNodeSDK()\u003c/code\u003e code path now uses \u003ccode\u003elog_level\u003c...\n\n_Description has been truncated_","html_url":"https://github.com/dinohatibovic/gemini-cli/pull/15","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dinohatibovic%2Fgemini-cli/issues/15","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15/packages"},{"uuid":"4436552200","node_id":"PR_kwDOPJD-Qc7bC8Yb","number":14,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 3 directories with 21 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-23T09:54:01.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-13T09:18:12.000Z","updated_at":"2026-05-23T09:54:02.000Z","time_to_close":866149,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":21,"packages":[{"name":"glob","old_version":"10.4.5","new_version":"10.5.0","repository_url":"https://github.com/isaacs/node-glob"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"diff","old_version":"7.0.0","new_version":"9.0.0","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"@modelcontextprotocol/sdk","old_version":"1.15.1","new_version":"1.29.0","repository_url":"https://github.com/modelcontextprotocol/typescript-sdk"},{"name":"@opentelemetry/sdk-node","old_version":"0.52.1","new_version":"0.218.0","repository_url":"https://github.com/open-telemetry/opentelemetry-js"},{"name":"ajv","old_version":"8.17.1","new_version":"8.18.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"simple-git","old_version":"3.28.0","new_version":"3.36.0","repository_url":"https://github.com/steveukx/git-js"},{"name":"undici","old_version":"7.10.0","new_version":"7.25.0","repository_url":"https://github.com/nodejs/undici"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"js-yaml","old_version":"4.1.0","new_version":"4.1.1","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jws","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"path-to-regexp","old_version":"8.2.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"picomatch","old_version":"4.0.2","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"4.44.0","new_version":"4.60.3","repository_url":"https://github.com/rollup/rollup"},{"name":"vite","old_version":"7.0.0","new_version":"7.3.3","repository_url":"https://github.com/vitejs/vite"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 18 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [glob](https://github.com/isaacs/node-glob) | `10.4.5` | `10.5.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [diff](https://github.com/kpdecker/jsdiff) | `7.0.0` | `9.0.0` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.15.1` | `1.29.0` |\n| [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js) | `0.52.1` | `0.218.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.18.0` |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.36.0` |\n| [undici](https://github.com/nodejs/undici) | `7.10.0` | `7.25.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.2.0` | `8.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.2` | `4.0.4` |\n| [rollup](https://github.com/rollup/rollup) | `4.44.0` | `4.60.3` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.0.0` | `7.3.3` |\n\nBumps the npm_and_yarn group with 10 updates in the /packages/core directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [glob](https://github.com/isaacs/node-glob) | `10.4.5` | `12.0.0` |\n| [diff](https://github.com/kpdecker/jsdiff) | `7.0.0` | `8.0.3` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.12.3` | `1.29.0` |\n| [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js) | `0.52.1` | `0.217.0` |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.36.0` |\n| [undici](https://github.com/nodejs/undici) | `7.10.0` | `7.24.0` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.3` | `7.5.8` |\n| [rollup](https://github.com/rollup/rollup) | `4.43.0` | `4.60.3` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.3.5` | `7.3.3` |\n\nBumps the npm_and_yarn group with 8 updates in the /packages/vscode-ide-companion directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.15.1` | `1.26.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.2` | `2.1.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.2.0` | `8.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\n\nUpdates `glob` from 10.4.5 to 10.5.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-glob/commit/56774ef73b495eb0b17cdd0f42921f5ef62297c1\"\u003e\u003ccode\u003e56774ef\u003c/code\u003e\u003c/a\u003e 10.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f\"\u003e\u003ccode\u003e1e4e297\u003c/code\u003e\u003c/a\u003e bin: Do not expose filenames to shell expansion\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/isaacs/node-glob/compare/v10.4.5...v10.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `diff` from 7.0.0 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.0\u003c/h2\u003e\n\u003cp\u003e(All changes part of PR \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/672\"\u003e#672\u003c/a\u003e.)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eES5 support is dropped\u003c/strong\u003e. \u003ccode\u003eparsePatch\u003c/code\u003e now uses \u003ccode\u003eTextDecoder\u003c/code\u003e and \u003ccode\u003eUint8Array\u003c/code\u003e, which are not available in ES5, and TypeScript is now compiled with the \u0026quot;es6\u0026quot; \u003ccode\u003etarget\u003c/code\u003e. From now on, I intend to freely use any features that are deemed \u0026quot;Widely available\u0026quot; by \u003ca href=\"https://web.dev/baseline\"\u003eBaseline\u003c/a\u003e. Users who need ES5 support should stick to version 8.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eC-style quoted strings in filename headers are now properly supported\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eWhen the name of either the old or new file in a patch contains \u0026quot;special characters\u0026quot;, both GNU \u003ccode\u003ediff\u003c/code\u003e and Git quote the filename in the patch's headers and escape special characters using the same escape sequences that are used in string literals in C, including octal escapes for all non-ASCII characters. Previously, jsdiff had very little support for this; \u003ccode\u003eparsePatch\u003c/code\u003e would remove the quotes, and unescape any escaped backslashes, but would not unescape other escape sequences. \u003ccode\u003eformatPatch\u003c/code\u003e, meanwhile, did not quote or escape special characters at all.\u003c/p\u003e\n\u003cp\u003eNow, \u003ccode\u003eparsePatch\u003c/code\u003e parses all the possible escape sequences that GNU diff (or Git) ever output, and \u003ccode\u003eformatPatch\u003c/code\u003e quotes and escapes filenames containing special characters in the same way GNU diff does.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now omits file headers when \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e in the provided patch object are \u003ccode\u003eundefined\u003c/code\u003e\u003c/strong\u003e, regardless of the \u003ccode\u003eheaderOptions\u003c/code\u003e parameter. (Previously, it would treat the absence of \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e as indicating the filename was the word \u0026quot;undefined\u0026quot; and emit headers \u003ccode\u003e--- undefined\u003c/code\u003e / \u003ccode\u003e+++ undefined\u003c/code\u003e.)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer outputs trailing tab characters at the end of \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e headers.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePreviously, if \u003ccode\u003eformatPatch\u003c/code\u003e was passed a patch object to serialize that had empty strings for the \u003ccode\u003eoldHeader\u003c/code\u003e or \u003ccode\u003enewHeader\u003c/code\u003e property, it would include a trailing tab character after the filename in the \u003ccode\u003e---\u003c/code\u003e and/or \u003ccode\u003e+++\u003c/code\u003e file header. Now, this scenario is treated the same as when \u003ccode\u003eoldHeader\u003c/code\u003e/\u003ccode\u003enewHeader\u003c/code\u003e is \u003ccode\u003eundefined\u003c/code\u003e - i.e. the trailing tab is omitted.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer mutates its input\u003c/strong\u003e when serializing a patch containing a hunk where either the old or new content contained zero lines. (Such a hunk occurs only when the hunk has no context lines and represents a pure insertion or pure deletion, which for instance will occur whenever one of the two files being diffed is completely empty.) Previously \u003ccode\u003eformatPatch\u003c/code\u003e would provide the correct output but also mutate the \u003ccode\u003eoldLines\u003c/code\u003e or \u003ccode\u003enewLines\u003c/code\u003e property on the hunk, changing the meaning of the underlying patch.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eGit-style patches are now supported by \u003ccode\u003eparsePatch\u003c/code\u003e, \u003ccode\u003eformatPatch\u003c/code\u003e, and \u003ccode\u003ereversePatch\u003c/code\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003ePatches output by \u003ccode\u003egit diff\u003c/code\u003e can include some features that are unlike those output by GNU \u003ccode\u003ediff\u003c/code\u003e, and therefore not handled by an ordinary unified diff format parser. An ordinary diff simply describes the differences between the \u003cem\u003econtent\u003c/em\u003e of two files, but Git diffs can also indicate, via \u0026quot;extended headers\u0026quot;, the creation or deletion of (potentially empty) files, indicate that a file was renamed, and contain information about file mode changes. Furthermore, when these changes appear in a diff in the absence of a content change (e.g. when an empty file is created, or a file is renamed without content changes), the patch will contain no associated \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e file headers nor any hunks.\u003c/p\u003e\n\u003cp\u003ejsdiff previously did not support parsing Git's extended headers, nor hunkless patches. Now \u003ccode\u003eparsePatch\u003c/code\u003e parses some of the extended headers, parses hunkless Git patches, and can determine filenames (e.g. from the extended headers) when parsing a patch that includes no \u003ccode\u003e---\u003c/code\u003e or \u003ccode\u003e+++\u003c/code\u003e file headers. The additional information conveyed by the extended headers we support is recorded on new fields on the result object returned by \u003ccode\u003eparsePatch\u003c/code\u003e. See \u003ccode\u003eisGit\u003c/code\u003e and subsequent properties in the docs in the README.md file.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now outputs extended headers based on these new Git-specific properties, and \u003ccode\u003ereversePatch\u003c/code\u003e respects them as far as possible (with one unavoidable caveat noted in the README.md file).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eUnpaired file headers now cause \u003ccode\u003eparsePatch\u003c/code\u003e to throw\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eIt remains acceptable to have a patch with no file headers whatsoever (e.g. one that begins with a \u003ccode\u003e@@\u003c/code\u003e hunk header on the very first line), but a patch with \u003cem\u003eonly\u003c/em\u003e a \u003ccode\u003e---\u003c/code\u003e header or only a \u003ccode\u003e+++\u003c/code\u003e header is now considered an error.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eparsePatch\u003c/code\u003e is now more tolerant of \u0026quot;trailing garbage\u0026quot;\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThat is: after a patch, or between files/indexes in a patch, it is now acceptable to have arbitrary lines of \u0026quot;garbage\u0026quot; (so long as they unambiguously have no syntactic meaning - e.g. trailing garbage that leads with a \u003ccode\u003e+\u003c/code\u003e, \u003ccode\u003e-\u003c/code\u003e, or \u003ccode\u003e \u003c/code\u003e and thus is interpretable as part of a hunk still triggers a throw).\u003c/p\u003e\n\u003cp\u003eThis means we no longer reject patches output by tools that include extra data in \u0026quot;garbage\u0026quot; lines not understood by generic unified diff parsers. (For example, SVN patches can include \u0026quot;Property changes on:\u0026quot; lines that generic unified diff parsers should discard as garbage; jsdiff previously threw errors when encountering them.)\u003c/p\u003e\n\u003cp\u003eThis change brings jsdiff's behaviour more in line with GNU \u003ccode\u003epatch\u003c/code\u003e, which is highly permissive of \u0026quot;garbage\u0026quot;.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThe \u003ccode\u003eoldFileName\u003c/code\u003e and \u003ccode\u003enewFileName\u003c/code\u003e fields of \u003ccode\u003eStructuredPatch\u003c/code\u003e are now typed as \u003ccode\u003estring | undefined\u003c/code\u003e instead of \u003ccode\u003estring\u003c/code\u003e\u003c/strong\u003e. This type change reflects the (pre-existing) reality that \u003ccode\u003eparsePatch\u003c/code\u003e can produce patches without filenames (e.g. when parsing a patch that simply contains hunks with no file headers).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/667\"\u003e#667\u003c/a\u003e - \u003cstrong\u003efix another bug in \u003ccode\u003ediffWords\u003c/code\u003e when used with an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e\u003c/strong\u003e. If the text to be diffed included a combining mark after a whitespace character (i.e. roughly speaking, an accented space), \u003ccode\u003ediffWords\u003c/code\u003e would previously crash. Now this case is handled correctly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/631\"\u003e#631\u003c/a\u003e - \u003cstrong\u003efix support for using an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e with \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e. This has been almost completely broken since the feature was added in v6.0.0, since it would outright crash on any text that featured two consecutive newlines between a pair of words (a very common case).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/635\"\u003e#635\u003c/a\u003e - \u003cstrong\u003esmall tweaks to tokenization behaviour of \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e when used \u003cem\u003ewithout\u003c/em\u003e an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e. Specifically, the soft hyphen (U+00AD) is no longer considered to be a word break, and the multiplication and division signs (\u003ccode\u003e×\u003c/code\u003e and \u003ccode\u003e÷\u003c/code\u003e) are now treated as punctuation instead of as letters / word characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/ed13aca03aa25735fafc0645d1185e7a1c68fd8c\"\u003e\u003ccode\u003eed13aca\u003c/code\u003e\u003c/a\u003e Update version in package.json and in release notes (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/683\"\u003e#683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/7a49317b503a932b88fc72ad9c57a481df038e24\"\u003e\u003ccode\u003e7a49317\u003c/code\u003e\u003c/a\u003e Bump dependencies again (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/682\"\u003e#682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/afe5aecad189c9f5941ad3feb3c94c46b32ecb0a\"\u003e\u003ccode\u003eafe5aec\u003c/code\u003e\u003c/a\u003e Add Git support, and otherwise variously improve \u0026amp; fix parsePatch (and other ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/2e46779d8866ce7da1303a03db33ed038590c6f6\"\u003e\u003ccode\u003e2e46779\u003c/code\u003e\u003c/a\u003e Fix a typo (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/679\"\u003e#679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/dd2f99497703a1540b2ae406b51c49b74b5fc1a1\"\u003e\u003ccode\u003edd2f994\u003c/code\u003e\u003c/a\u003e 8.0.4 release (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/678\"\u003e#678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/3cc438434db53c5d1c40412b727ea7650f6f145a\"\u003e\u003ccode\u003e3cc4384\u003c/code\u003e\u003c/a\u003e Update docs on releasing to reflect migration to yarn berry (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/6fc2aa6b7672af08774b50aae00d97b99c5b5715\"\u003e\u003ccode\u003e6fc2aa6\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/af7393ac3404565dc8da655c2e7aeeed28c01ff7\"\u003e\u003ccode\u003eaf7393a\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4b5d1800370bf29b61a3378fb8086aeb231d3ef7\"\u003e\u003ccode\u003e4b5d180\u003c/code\u003e\u003c/a\u003e Fix another bug in diffWords's \u0026quot;intlSegmenter\u0026quot; mode (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/10da50c466709e7bd4b192dac96af0af46f8b7bd\"\u003e\u003ccode\u003e10da50c\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/666\"\u003e#666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/7.0.0...v9.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@modelcontextprotocol/sdk` from 1.15.1 to 1.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"\u003e@​modelcontextprotocol/sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.29.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1749\"\u003emodelcontextprotocol/typescript-sdk#1749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: disallow null (infinite) requested TTL by \u003ca href=\"https://github.com/LucaButBoring\"\u003e\u003ccode\u003e@​LucaButBoring\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1339\"\u003emodelcontextprotocol/typescript-sdk#1339\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: add missing size field to ResourceSchema by \u003ca href=\"https://github.com/olaservo\"\u003e\u003ccode\u003e@​olaservo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1575\"\u003emodelcontextprotocol/typescript-sdk#1575\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd typings exports by \u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x npm audit fix by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1780\"\u003emodelcontextprotocol/typescript-sdk#1780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1773\"\u003emodelcontextprotocol/typescript-sdk#1773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Allow servers / clients to advertise extensions in the capability object by \u003ca href=\"https://github.com/localden\"\u003e\u003ccode\u003e@​localden\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1811\"\u003emodelcontextprotocol/typescript-sdk#1811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(stdio): always set windowsHide on Windows, not just in Electron by \u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.29.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1820\"\u003emodelcontextprotocol/typescript-sdk#1820\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.28.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: use scopes_supported from resource metadata by default (fixes \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/580\"\u003e#580\u003c/a\u003e) by \u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1611\"\u003emodelcontextprotocol/typescript-sdk#1611\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: reject plain JSON Schema objects passed as inputSchema by \u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: clear _timeoutInfo in _onclose() and scope .finally() abort controller cleanup by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1462\"\u003emodelcontextprotocol/typescript-sdk#1462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(server/auth): RFC 8252 loopback port relaxation by \u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.28.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1746\"\u003emodelcontextprotocol/typescript-sdk#1746\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: implement auth/pre-registration conformance scenario by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1545\"\u003emodelcontextprotocol/typescript-sdk#1545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add governance documentation for SEP-1730 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1547\"\u003emodelcontextprotocol/typescript-sdk#1547\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: comprehensive feature documentation for SEP-1730 Tier 1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1548\"\u003emodelcontextprotocol/typescript-sdk#1548\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent command injection in example URL opening (v1.x backport) by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1579\"\u003emodelcontextprotocol/typescript-sdk#1579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: call onerror for silently swallowed transport errors by \u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.27.1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1581\"\u003emodelcontextprotocol/typescript-sdk#1581\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/e12cbd7078db388152f6e839abdbe09ba01f3f32\"\u003e\u003ccode\u003ee12cbd7\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.29.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/3913fd4443a86536155e3ebef9edd2045c372c1e\"\u003e\u003ccode\u003e3913fd4\u003c/code\u003e\u003c/a\u003e fix(stdio): always set windowsHide on Windows, not just in Electron (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1640\"\u003e#1640\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/5608e78dd0d4ca6cd7dd03278419578f1780365a\"\u003e\u003ccode\u003e5608e78\u003c/code\u003e\u003c/a\u003e [v1.x backport] Allow servers / clients to advertise extensions in the capabi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/7213816788e634ffb9d09affe50f0295093bfb73\"\u003e\u003ccode\u003e7213816\u003c/code\u003e\u003c/a\u003e v1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1773\"\u003e#1773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/364f38ca2d8895aed7c37b7a0a1031bb7ae4841c\"\u003e\u003ccode\u003e364f38c\u003c/code\u003e\u003c/a\u003e v1.x npm audit fix (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/c95cc0943b045517e4cc414baf1f168b216c3142\"\u003e\u003ccode\u003ec95cc09\u003c/code\u003e\u003c/a\u003e Add typings exports (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/ddadaa6cc633fb5db0c094bf031b15b68a357820\"\u003e\u003ccode\u003eddadaa6\u003c/code\u003e\u003c/a\u003e [v1.x] fix: add missing size field to ResourceSchema (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/2a158513028d9f862c4188b6957e78cd5663f26b\"\u003e\u003ccode\u003e2a15851\u003c/code\u003e\u003c/a\u003e [v1.x] fix: disallow null (infinite) requested TTL (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1339\"\u003e#1339\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/13e30f1d36de8442417fec695983bdb155c00768\"\u003e\u003ccode\u003e13e30f1\u003c/code\u003e\u003c/a\u003e fix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1749\"\u003e#1749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0565695218544fc53e99bf5b544a887d373cefa\"\u003e\u003ccode\u003ea056569\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.28.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1746\"\u003e#1746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.15.1...v1.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~pcarleton\"\u003epcarleton\u003c/a\u003e, a new releaser for \u003ccode\u003e@​modelcontextprotocol/sdk\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@opentelemetry/sdk-node` from 0.52.1 to 0.218.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/releases\"\u003e@​opentelemetry/sdk-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eexperimental/v0.218.0\u003c/h2\u003e\n\u003ch2\u003e0.218.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs metrics serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6629\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): show all config validation errors, if there are multiple \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6683\"\u003e#6683\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): allow startNodeSDK() without an arg \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6688\"\u003e#6688\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6691\"\u003e#6691\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(sdk-logs): use \u003ccode\u003eLogger.enabled()\u003c/code\u003e within \u003ccode\u003eLogger.emit()\u003c/code\u003e implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6680\"\u003e#6680\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.217.0\u003c/h2\u003e\n\u003ch2\u003e0.217.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs trace serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6625\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using \u003ccode\u003ejson-schema-to-typescript\u003c/code\u003e and \u003ccode\u003eajv\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6533\"\u003e#6533\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration, sdk-node): \u003ccode\u003estartNodeSDK()\u003c/code\u003e code path now uses \u003ccode\u003elog_level\u003c/code\u003e configuration to setup a DiagConsoleLogger \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6668\"\u003e#6668\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eNote that allowed values for \u003ccode\u003elog_level\u003c/code\u003e in a configuration YAML file are \u003cem\u003enot\u003c/em\u003e the same set as for \u003ccode\u003eOTEL_LOG_LEVEL\u003c/code\u003e. Use \u003ccode\u003elog_level: trace\u003c/code\u003e to see \u003cem\u003eall\u003c/em\u003e logs (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=ALL\u003c/code\u003e). Use \u003ccode\u003elog_level: fatal\u003c/code\u003e to effectively disable the SDK's internal diagnostic logger (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=NONE\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eIf \u003ccode\u003elog_level\u003c/code\u003e is not specified, a diagnostic console logger at \u0026quot;info\u0026quot; level will be setup.\u003c/li\u003e\n\u003cli\u003eAn invalid YAML config file will now result in a noop OTel SDK.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(configuration): do not validate \u003ccode\u003eOTEL_CONFIG_FILE\u003c/code\u003e value before using it for file config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6643\"\u003e#6643\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6650\"\u003e#6650\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6657\"\u003e#6657\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve handling of enums in generated types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6659\"\u003e#6659\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve the technique for removing '| null' on types the JSON Schema \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6662\"\u003e#6662\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sampler-jaeger-remote): add missing axios dep \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6656\"\u003e#6656\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6674\"\u003e#6674\u003c/a\u003e \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.216.0\u003c/h2\u003e\n\u003ch2\u003e0.216.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sdk-node): wire attribute_keys from declarative configuration to ViewOptions.attributesProcessors \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6427\"\u003e#6427\u003c/a\u003e \u003ca href=\"https://github.com/ravitheja4531-cell\"\u003e\u003ccode\u003e@​ravitheja4531-cell\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): set TracerProvider in startNodeSDK() \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6607\"\u003e#6607\u003c/a\u003e \u003ca href=\"https://github.com/maryliag\"\u003e\u003ccode\u003e@​maryliag\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(instrumentation-xml-http-request): avoid unwrapping \u003ccode\u003eXMLHttpRequest\u003c/code\u003e API when disabling \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6611\"\u003e#6611\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(instrumentation-fetch): tolerate non-writable \u003ccode\u003eglobalThis.fetch\u003c/code\u003e and fix premature \u003ccode\u003e_isEnabled\u003c/code\u003e / \u003ccode\u003e_isFetchPatched\u003c/code\u003e flips in \u003ccode\u003eenable()\u003c/code\u003e \u003ca href=\"https://github.com/brunorodmoreira\"\u003e\u003ccode\u003e@​brunorodmoreira\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/06ad0eaaecbd49f5ead871325f852cc2a3454079\"\u003e\u003ccode\u003e06ad0ea\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6703\"\u003e#6703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/38ca257e64ebd13f5603d5539f8a48d6d9232037\"\u003e\u003ccode\u003e38ca257\u003c/code\u003e\u003c/a\u003e feat(otlp-transformer): replace protobufjs metrics serialization with custom ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/013c60085b84351a4c1e4e4f79e3dd67c56661cd\"\u003e\u003ccode\u003e013c600\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6699\"\u003e#6699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/b7a0c63bde39d7916fdb73cbb3d64cf1c93282c5\"\u003e\u003ccode\u003eb7a0c63\u003c/code\u003e\u003c/a\u003e feat(semantic-conventions): update semantic conventions to v1.41.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6695\"\u003e#6695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/774143b2c6667c6537c000ab48ea5ce998278ca0\"\u003e\u003ccode\u003e774143b\u003c/code\u003e\u003c/a\u003e chore(renovate): add minimumReleaseAge to config (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6697\"\u003e#6697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/e0dafe0d9fadaccf7dd8d7b02dd85531356e2ac1\"\u003e\u003ccode\u003ee0dafe0\u003c/code\u003e\u003c/a\u003e fix(otlp-exporter-base): remove brackets from IPv6 hostname in HTTP transport...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/f804c93d1d6d903036b8bf38f8c3713dbbaf0360\"\u003e\u003ccode\u003ef804c93\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action digest to 68bde55 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6682\"\u003e#6682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/95e48e7afcc475ded350b95b43070c54591ecbbb\"\u003e\u003ccode\u003e95e48e7\u003c/code\u003e\u003c/a\u003e refactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/907b627d9ada25844b0f06551ecd9bbda5c0ea4f\"\u003e\u003ccode\u003e907b627\u003c/code\u003e\u003c/a\u003e feat(sdk-node): allow startNodeSDK() without an arg (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6688\"\u003e#6688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/0d1526198fafe7f90078ff353103d0427e6c64d4\"\u003e\u003ccode\u003e0d15261\u003c/code\u003e\u003c/a\u003e docs: Add SIG meeting info and welcoming language (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6689\"\u003e#6689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.52.1...experimental/v0.218.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​opentelemetry/sdk-node\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.17.1 to 8.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/f06766f33ed7291f84c19f22a1286a34475fbdaf\"\u003e\u003ccode\u003ef06766f\u003c/code\u003e\u003c/a\u003e feat: allow tree-shaking by adding ``\u0026quot;sideEffects\u0026quot;: false\u003ccode\u003eto\u003c/code\u003epackage.json` ...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `simple-git` from 3.28.0 to 3.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/releases\"\u003esimple-git's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esimple-git@3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.33.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea263635: Use \u003ccode\u003epathspec\u003c/code\u003e wrappers for remote and local paths when running either \u003ccode\u003egit.clone\u003c/code\u003e or \u003ccode\u003egit.mirror\u003c/code\u003e to\navoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ee253a0d: Enhanced \u003ccode\u003egit -c\u003c/code\u003e checks in \u003ccode\u003eunsafe\u003c/code\u003e plugin.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/JohannesLks\"\u003e\u003ccode\u003e@​JohannesLks\u003c/code\u003e\u003c/a\u003e for identifying the issue\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.32.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ef704208: Enhanced \u003ccode\u003eprotocol.allow\u003c/code\u003e checks in \u003ccode\u003eallowUnsafeExtProtocol\u003c/code\u003e handling.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md\"\u003esimple-git's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e3d8708b: Updating publish config\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [3d8708b]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.34.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/7dc1a532a9ec92fb08c93202954be73175b07d83\"\u003e\u003ccode\u003e7dc1a53\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/76f5376bd418cb8baf5ec32757af442d47128e22\"\u003e\u003ccode\u003e76f5376\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1061\"\u003e#1061\u003c/a\u003e from Vinzent03/fix/buffer-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/89a2294febed5dfe737c4c735d936bb6018746a8\"\u003e\u003ccode\u003e89a2294\u003c/code\u003e\u003c/a\u003e Environment Parsing (\u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1156\"\u003e#1156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/1b91b762f047777ca6686f34ac3f7b8a543a4780\"\u003e\u003ccode\u003e1b91b76\u003c/code\u003e\u003c/a\u003e fix: remove explicit node:buffer import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/e390685960a3461875dce89d87ab80e3143d79fe\"\u003e\u003ccode\u003ee390685\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/3c9e4b8309667d0cb4102cda770f92075fc781dd\"\u003e\u003ccode\u003e3c9e4b8\u003c/code\u003e\u003c/a\u003e Pin version of \u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/94ee21fd5a2a6182fbf0f218a5efca2057b567cd\"\u003e\u003ccode\u003e94ee21f\u003c/code\u003e\u003c/a\u003e Export \u003ccode\u003epathspec\u003c/code\u003e types through \u003ccode\u003esimple-git\u003c/code\u003e for backward compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/6d7cb5174273aa33d131172d3770cb386e795171\"\u003e\u003ccode\u003e6d7cb51\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/0de400e7b014a48113acf673b3409a95b9c87a15\"\u003e\u003ccode\u003e0de400e\u003c/code\u003e\u003c/a\u003e Switch to semver from workspace revisions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/2264722abcb637042dd4cc50d903d69e4ee14b38\"\u003e\u003ccode\u003e2264722\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/steveukx/git-js/commits/simple-git@3.36.0/simple-git\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for simple-git since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.10.0 to 7.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport 401 stream-backed body fix to v7.x by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5006\"\u003enodejs/undici#5006\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update broken links in file \u0026quot;Dispatcher.md\u0026quot; by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: remove unused parameter \u003ccode\u003eredirectionLimitReached\u003c/code\u003e by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4933\"\u003enodejs/undici#4933\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip flaky macOS Node 20 cookie fetch cases by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4932\"\u003enodejs/undici#4932\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): align Response with DOM fetch types by \u003ca href=\"https://github.com/theamodhshetty\"\u003e\u003ccode\u003e@​theamodhshetty\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4867\"\u003enodejs/undici#4867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): Fix clone method type declaration to be an instance method rather than instance property by \u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip IPv6 tests when IPv6 is not available by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4939\"\u003enodejs/undici#4939\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: correctly handle multi-value rawHeaders in fetch by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4938\"\u003enodejs/undici#4938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eignore AGENTS.md by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4942\"\u003enodejs/undici#4942\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(test): client wasm compatible with clang 22 by \u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mock): improve error message when intercepts are exhausted by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4912\"\u003enodejs/undici#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(websocket): support open diagnostics over h2 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4921\"\u003enodejs/undici#4921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: assume http/https scheme for scheme-less proxy env vars by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4914\"\u003enodejs/undici#4914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cache): check Authorization on request headers per RFC 9111 §3.5 by \u003ca href=\"https://github.com/metalix2\"\u003e\u003ccode\u003e@​metalix2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4911\"\u003enodejs/undici#4911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: wrap kConnector call in try/catch to prevent client hang by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify fetch and FormData pairing by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4922\"\u003enodejs/undici#4922\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: support Connection header with connection-specific header names per RFC 7230 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4775\"\u003enodejs/undici#4775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid prototype collisions in parseHeaders by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4923\"\u003enodejs/undici#4923\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump typescript from 5.9.3 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4926\"\u003enodejs/undici#4926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: auto-init WPT submodule by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4930\"\u003enodejs/undici#4930\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/12d9045923b7caebb1ae6975ef34c29dbcfd95d0\"\u003e\u003ccode\u003e12d9045\u003c/code\u003e\u003c/a\u003e Bumped v7.25.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7a6f7febb30a30748a04f38c21e3641c77d21b0e\"\u003e\u003ccode\u003e7a6f7fe\u003c/code\u003e\u003c/a\u003e Bumped v7.24.8 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5020\"\u003e#5020\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1f85ae4b27ed6401e7ccc35eb546ad2e5976121f\"\u003e\u003ccode\u003e1f85ae4\u003c/code\u003e\u003c/a\u003e fix: avoid 401 failures for stream-backed request bodies (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4941\"\u003e#4941\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5006\"\u003e#5006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c6610674dfad7c205ddf0f27831133973ad7894e\"\u003e\u003ccode\u003ec661067\u003c/code\u003e\u003c/a\u003e chore: update v7.x maintenance release flow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84f23e2a19cd0f585579c4257d801e4ec2d65dbd\"\u003e\u003ccode\u003e84f23e2\u003c/code\u003e\u003c/a\u003e Bumped v7.24.7 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4947\"\u003e#4947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a770b1033201984b9e8082a9bf955414bff5dc2e\"\u003e\u003ccode\u003ea770b10\u003c/code\u003e\u003c/a\u003e ignore AGENTS.md (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4942\"\u003e#4942\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/6acd19beaf67c1a2d07bcd38f40d0b751a81e7cc\"\u003e\u003ccode\u003e6acd19b\u003c/code\u003e\u003c/a\u003e fix: correctly handle multi-value rawHeaders in fetch (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4938\"\u003e#4938\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1da1c747c7d6e01b93ab295e0efb86623f3c8e06\"\u003e\u003ccode\u003e1da1c74\u003c/code\u003e\u003c/a\u003e test: skip IPv6 tests when IPv6 is not available (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4939\"\u003e#4939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/04cb77327f7ada95c2e5b67424cddcb22d7bf882\"\u003e\u003ccode\u003e04cb773\u003c/code\u003e\u003c/a\u003e fix(types): Fix clone method type declaration to be an instance method rather...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5145a7c47080d1715b2723591def3a75b0c3ba63\"\u003e\u003ccode\u003e5145a7c\u003c/code\u003e\u003c/a\u003e fix(types): align Response with DOM fetch types (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4867\"\u003e#4867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.10.0...v7.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 l...\n\n_Description has been truncated_","html_url":"https://github.com/vroonhof/gemini-cli/pull/14","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/vroonhof%2Fgemini-cli/issues/14","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/14/packages"},{"uuid":"4436451191","node_id":"PR_kwDOPFeS3s7bCnRK","number":24,"state":"closed","title":"build(deps): bump the npm_and_yarn group across 3 directories with 21 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-23T09:51:50.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-13T09:04:22.000Z","updated_at":"2026-05-23T09:51:52.000Z","time_to_close":866848,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"npm_and_yarn","update_count":21,"packages":[{"name":"glob","old_version":"10.4.5","new_version":"10.5.0","repository_url":"https://github.com/isaacs/node-glob"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"diff","old_version":"7.0.0","new_version":"9.0.0","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"@modelcontextprotocol/sdk","old_version":"1.15.1","new_version":"1.29.0","repository_url":"https://github.com/modelcontextprotocol/typescript-sdk"},{"name":"@opentelemetry/sdk-node","old_version":"0.52.1","new_version":"0.218.0","repository_url":"https://github.com/open-telemetry/opentelemetry-js"},{"name":"ajv","old_version":"8.17.1","new_version":"8.18.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"simple-git","old_version":"3.28.0","new_version":"3.36.0","repository_url":"https://github.com/steveukx/git-js"},{"name":"undici","old_version":"7.10.0","new_version":"7.25.0","repository_url":"https://github.com/nodejs/undici"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"js-yaml","old_version":"4.1.0","new_version":"4.1.1","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jws","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"path-to-regexp","old_version":"8.2.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"picomatch","old_version":"4.0.2","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"4.44.0","new_version":"4.60.3","repository_url":"https://github.com/rollup/rollup"},{"name":"vite","old_version":"7.0.0","new_version":"7.3.3","repository_url":"https://github.com/vitejs/vite"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 18 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [glob](https://github.com/isaacs/node-glob) | `10.4.5` | `10.5.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [diff](https://github.com/kpdecker/jsdiff) | `7.0.0` | `9.0.0` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.15.1` | `1.29.0` |\n| [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js) | `0.52.1` | `0.218.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.18.0` |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.36.0` |\n| [undici](https://github.com/nodejs/undici) | `7.10.0` | `7.25.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.2.0` | `8.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.2` | `4.0.4` |\n| [rollup](https://github.com/rollup/rollup) | `4.44.0` | `4.60.3` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.0.0` | `7.3.3` |\n\nBumps the npm_and_yarn group with 10 updates in the /packages/core directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [glob](https://github.com/isaacs/node-glob) | `10.4.5` | `12.0.0` |\n| [diff](https://github.com/kpdecker/jsdiff) | `7.0.0` | `8.0.3` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.12.3` | `1.29.0` |\n| [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js) | `0.52.1` | `0.217.0` |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.36.0` |\n| [undici](https://github.com/nodejs/undici) | `7.10.0` | `7.24.0` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.3` | `7.5.8` |\n| [rollup](https://github.com/rollup/rollup) | `4.43.0` | `4.60.3` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.3.5` | `7.3.3` |\n\nBumps the npm_and_yarn group with 8 updates in the /packages/vscode-ide-companion directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.15.1` | `1.26.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.2` | `2.1.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.2.0` | `8.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\n\nUpdates `glob` from 10.4.5 to 10.5.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-glob/commit/56774ef73b495eb0b17cdd0f42921f5ef62297c1\"\u003e\u003ccode\u003e56774ef\u003c/code\u003e\u003c/a\u003e 10.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f\"\u003e\u003ccode\u003e1e4e297\u003c/code\u003e\u003c/a\u003e bin: Do not expose filenames to shell expansion\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/isaacs/node-glob/compare/v10.4.5...v10.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `diff` from 7.0.0 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.0\u003c/h2\u003e\n\u003cp\u003e(All changes part of PR \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/672\"\u003e#672\u003c/a\u003e.)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eES5 support is dropped\u003c/strong\u003e. \u003ccode\u003eparsePatch\u003c/code\u003e now uses \u003ccode\u003eTextDecoder\u003c/code\u003e and \u003ccode\u003eUint8Array\u003c/code\u003e, which are not available in ES5, and TypeScript is now compiled with the \u0026quot;es6\u0026quot; \u003ccode\u003etarget\u003c/code\u003e. From now on, I intend to freely use any features that are deemed \u0026quot;Widely available\u0026quot; by \u003ca href=\"https://web.dev/baseline\"\u003eBaseline\u003c/a\u003e. Users who need ES5 support should stick to version 8.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eC-style quoted strings in filename headers are now properly supported\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eWhen the name of either the old or new file in a patch contains \u0026quot;special characters\u0026quot;, both GNU \u003ccode\u003ediff\u003c/code\u003e and Git quote the filename in the patch's headers and escape special characters using the same escape sequences that are used in string literals in C, including octal escapes for all non-ASCII characters. Previously, jsdiff had very little support for this; \u003ccode\u003eparsePatch\u003c/code\u003e would remove the quotes, and unescape any escaped backslashes, but would not unescape other escape sequences. \u003ccode\u003eformatPatch\u003c/code\u003e, meanwhile, did not quote or escape special characters at all.\u003c/p\u003e\n\u003cp\u003eNow, \u003ccode\u003eparsePatch\u003c/code\u003e parses all the possible escape sequences that GNU diff (or Git) ever output, and \u003ccode\u003eformatPatch\u003c/code\u003e quotes and escapes filenames containing special characters in the same way GNU diff does.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now omits file headers when \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e in the provided patch object are \u003ccode\u003eundefined\u003c/code\u003e\u003c/strong\u003e, regardless of the \u003ccode\u003eheaderOptions\u003c/code\u003e parameter. (Previously, it would treat the absence of \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e as indicating the filename was the word \u0026quot;undefined\u0026quot; and emit headers \u003ccode\u003e--- undefined\u003c/code\u003e / \u003ccode\u003e+++ undefined\u003c/code\u003e.)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer outputs trailing tab characters at the end of \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e headers.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePreviously, if \u003ccode\u003eformatPatch\u003c/code\u003e was passed a patch object to serialize that had empty strings for the \u003ccode\u003eoldHeader\u003c/code\u003e or \u003ccode\u003enewHeader\u003c/code\u003e property, it would include a trailing tab character after the filename in the \u003ccode\u003e---\u003c/code\u003e and/or \u003ccode\u003e+++\u003c/code\u003e file header. Now, this scenario is treated the same as when \u003ccode\u003eoldHeader\u003c/code\u003e/\u003ccode\u003enewHeader\u003c/code\u003e is \u003ccode\u003eundefined\u003c/code\u003e - i.e. the trailing tab is omitted.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer mutates its input\u003c/strong\u003e when serializing a patch containing a hunk where either the old or new content contained zero lines. (Such a hunk occurs only when the hunk has no context lines and represents a pure insertion or pure deletion, which for instance will occur whenever one of the two files being diffed is completely empty.) Previously \u003ccode\u003eformatPatch\u003c/code\u003e would provide the correct output but also mutate the \u003ccode\u003eoldLines\u003c/code\u003e or \u003ccode\u003enewLines\u003c/code\u003e property on the hunk, changing the meaning of the underlying patch.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eGit-style patches are now supported by \u003ccode\u003eparsePatch\u003c/code\u003e, \u003ccode\u003eformatPatch\u003c/code\u003e, and \u003ccode\u003ereversePatch\u003c/code\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003ePatches output by \u003ccode\u003egit diff\u003c/code\u003e can include some features that are unlike those output by GNU \u003ccode\u003ediff\u003c/code\u003e, and therefore not handled by an ordinary unified diff format parser. An ordinary diff simply describes the differences between the \u003cem\u003econtent\u003c/em\u003e of two files, but Git diffs can also indicate, via \u0026quot;extended headers\u0026quot;, the creation or deletion of (potentially empty) files, indicate that a file was renamed, and contain information about file mode changes. Furthermore, when these changes appear in a diff in the absence of a content change (e.g. when an empty file is created, or a file is renamed without content changes), the patch will contain no associated \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e file headers nor any hunks.\u003c/p\u003e\n\u003cp\u003ejsdiff previously did not support parsing Git's extended headers, nor hunkless patches. Now \u003ccode\u003eparsePatch\u003c/code\u003e parses some of the extended headers, parses hunkless Git patches, and can determine filenames (e.g. from the extended headers) when parsing a patch that includes no \u003ccode\u003e---\u003c/code\u003e or \u003ccode\u003e+++\u003c/code\u003e file headers. The additional information conveyed by the extended headers we support is recorded on new fields on the result object returned by \u003ccode\u003eparsePatch\u003c/code\u003e. See \u003ccode\u003eisGit\u003c/code\u003e and subsequent properties in the docs in the README.md file.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now outputs extended headers based on these new Git-specific properties, and \u003ccode\u003ereversePatch\u003c/code\u003e respects them as far as possible (with one unavoidable caveat noted in the README.md file).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eUnpaired file headers now cause \u003ccode\u003eparsePatch\u003c/code\u003e to throw\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eIt remains acceptable to have a patch with no file headers whatsoever (e.g. one that begins with a \u003ccode\u003e@@\u003c/code\u003e hunk header on the very first line), but a patch with \u003cem\u003eonly\u003c/em\u003e a \u003ccode\u003e---\u003c/code\u003e header or only a \u003ccode\u003e+++\u003c/code\u003e header is now considered an error.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eparsePatch\u003c/code\u003e is now more tolerant of \u0026quot;trailing garbage\u0026quot;\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThat is: after a patch, or between files/indexes in a patch, it is now acceptable to have arbitrary lines of \u0026quot;garbage\u0026quot; (so long as they unambiguously have no syntactic meaning - e.g. trailing garbage that leads with a \u003ccode\u003e+\u003c/code\u003e, \u003ccode\u003e-\u003c/code\u003e, or \u003ccode\u003e \u003c/code\u003e and thus is interpretable as part of a hunk still triggers a throw).\u003c/p\u003e\n\u003cp\u003eThis means we no longer reject patches output by tools that include extra data in \u0026quot;garbage\u0026quot; lines not understood by generic unified diff parsers. (For example, SVN patches can include \u0026quot;Property changes on:\u0026quot; lines that generic unified diff parsers should discard as garbage; jsdiff previously threw errors when encountering them.)\u003c/p\u003e\n\u003cp\u003eThis change brings jsdiff's behaviour more in line with GNU \u003ccode\u003epatch\u003c/code\u003e, which is highly permissive of \u0026quot;garbage\u0026quot;.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThe \u003ccode\u003eoldFileName\u003c/code\u003e and \u003ccode\u003enewFileName\u003c/code\u003e fields of \u003ccode\u003eStructuredPatch\u003c/code\u003e are now typed as \u003ccode\u003estring | undefined\u003c/code\u003e instead of \u003ccode\u003estring\u003c/code\u003e\u003c/strong\u003e. This type change reflects the (pre-existing) reality that \u003ccode\u003eparsePatch\u003c/code\u003e can produce patches without filenames (e.g. when parsing a patch that simply contains hunks with no file headers).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/667\"\u003e#667\u003c/a\u003e - \u003cstrong\u003efix another bug in \u003ccode\u003ediffWords\u003c/code\u003e when used with an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e\u003c/strong\u003e. If the text to be diffed included a combining mark after a whitespace character (i.e. roughly speaking, an accented space), \u003ccode\u003ediffWords\u003c/code\u003e would previously crash. Now this case is handled correctly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/631\"\u003e#631\u003c/a\u003e - \u003cstrong\u003efix support for using an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e with \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e. This has been almost completely broken since the feature was added in v6.0.0, since it would outright crash on any text that featured two consecutive newlines between a pair of words (a very common case).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/635\"\u003e#635\u003c/a\u003e - \u003cstrong\u003esmall tweaks to tokenization behaviour of \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e when used \u003cem\u003ewithout\u003c/em\u003e an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e. Specifically, the soft hyphen (U+00AD) is no longer considered to be a word break, and the multiplication and division signs (\u003ccode\u003e×\u003c/code\u003e and \u003ccode\u003e÷\u003c/code\u003e) are now treated as punctuation instead of as letters / word characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/ed13aca03aa25735fafc0645d1185e7a1c68fd8c\"\u003e\u003ccode\u003eed13aca\u003c/code\u003e\u003c/a\u003e Update version in package.json and in release notes (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/683\"\u003e#683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/7a49317b503a932b88fc72ad9c57a481df038e24\"\u003e\u003ccode\u003e7a49317\u003c/code\u003e\u003c/a\u003e Bump dependencies again (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/682\"\u003e#682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/afe5aecad189c9f5941ad3feb3c94c46b32ecb0a\"\u003e\u003ccode\u003eafe5aec\u003c/code\u003e\u003c/a\u003e Add Git support, and otherwise variously improve \u0026amp; fix parsePatch (and other ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/2e46779d8866ce7da1303a03db33ed038590c6f6\"\u003e\u003ccode\u003e2e46779\u003c/code\u003e\u003c/a\u003e Fix a typo (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/679\"\u003e#679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/dd2f99497703a1540b2ae406b51c49b74b5fc1a1\"\u003e\u003ccode\u003edd2f994\u003c/code\u003e\u003c/a\u003e 8.0.4 release (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/678\"\u003e#678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/3cc438434db53c5d1c40412b727ea7650f6f145a\"\u003e\u003ccode\u003e3cc4384\u003c/code\u003e\u003c/a\u003e Update docs on releasing to reflect migration to yarn berry (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/6fc2aa6b7672af08774b50aae00d97b99c5b5715\"\u003e\u003ccode\u003e6fc2aa6\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/af7393ac3404565dc8da655c2e7aeeed28c01ff7\"\u003e\u003ccode\u003eaf7393a\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4b5d1800370bf29b61a3378fb8086aeb231d3ef7\"\u003e\u003ccode\u003e4b5d180\u003c/code\u003e\u003c/a\u003e Fix another bug in diffWords's \u0026quot;intlSegmenter\u0026quot; mode (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/10da50c466709e7bd4b192dac96af0af46f8b7bd\"\u003e\u003ccode\u003e10da50c\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/666\"\u003e#666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/7.0.0...v9.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@modelcontextprotocol/sdk` from 1.15.1 to 1.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"\u003e@​modelcontextprotocol/sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.29.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1749\"\u003emodelcontextprotocol/typescript-sdk#1749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: disallow null (infinite) requested TTL by \u003ca href=\"https://github.com/LucaButBoring\"\u003e\u003ccode\u003e@​LucaButBoring\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1339\"\u003emodelcontextprotocol/typescript-sdk#1339\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: add missing size field to ResourceSchema by \u003ca href=\"https://github.com/olaservo\"\u003e\u003ccode\u003e@​olaservo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1575\"\u003emodelcontextprotocol/typescript-sdk#1575\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd typings exports by \u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x npm audit fix by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1780\"\u003emodelcontextprotocol/typescript-sdk#1780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1773\"\u003emodelcontextprotocol/typescript-sdk#1773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Allow servers / clients to advertise extensions in the capability object by \u003ca href=\"https://github.com/localden\"\u003e\u003ccode\u003e@​localden\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1811\"\u003emodelcontextprotocol/typescript-sdk#1811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(stdio): always set windowsHide on Windows, not just in Electron by \u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.29.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1820\"\u003emodelcontextprotocol/typescript-sdk#1820\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.28.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: use scopes_supported from resource metadata by default (fixes \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/580\"\u003e#580\u003c/a\u003e) by \u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1611\"\u003emodelcontextprotocol/typescript-sdk#1611\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: reject plain JSON Schema objects passed as inputSchema by \u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: clear _timeoutInfo in _onclose() and scope .finally() abort controller cleanup by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1462\"\u003emodelcontextprotocol/typescript-sdk#1462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(server/auth): RFC 8252 loopback port relaxation by \u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.28.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1746\"\u003emodelcontextprotocol/typescript-sdk#1746\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: implement auth/pre-registration conformance scenario by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1545\"\u003emodelcontextprotocol/typescript-sdk#1545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add governance documentation for SEP-1730 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1547\"\u003emodelcontextprotocol/typescript-sdk#1547\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: comprehensive feature documentation for SEP-1730 Tier 1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1548\"\u003emodelcontextprotocol/typescript-sdk#1548\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent command injection in example URL opening (v1.x backport) by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1579\"\u003emodelcontextprotocol/typescript-sdk#1579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: call onerror for silently swallowed transport errors by \u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.27.1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1581\"\u003emodelcontextprotocol/typescript-sdk#1581\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/e12cbd7078db388152f6e839abdbe09ba01f3f32\"\u003e\u003ccode\u003ee12cbd7\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.29.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/3913fd4443a86536155e3ebef9edd2045c372c1e\"\u003e\u003ccode\u003e3913fd4\u003c/code\u003e\u003c/a\u003e fix(stdio): always set windowsHide on Windows, not just in Electron (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1640\"\u003e#1640\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/5608e78dd0d4ca6cd7dd03278419578f1780365a\"\u003e\u003ccode\u003e5608e78\u003c/code\u003e\u003c/a\u003e [v1.x backport] Allow servers / clients to advertise extensions in the capabi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/7213816788e634ffb9d09affe50f0295093bfb73\"\u003e\u003ccode\u003e7213816\u003c/code\u003e\u003c/a\u003e v1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1773\"\u003e#1773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/364f38ca2d8895aed7c37b7a0a1031bb7ae4841c\"\u003e\u003ccode\u003e364f38c\u003c/code\u003e\u003c/a\u003e v1.x npm audit fix (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/c95cc0943b045517e4cc414baf1f168b216c3142\"\u003e\u003ccode\u003ec95cc09\u003c/code\u003e\u003c/a\u003e Add typings exports (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/ddadaa6cc633fb5db0c094bf031b15b68a357820\"\u003e\u003ccode\u003eddadaa6\u003c/code\u003e\u003c/a\u003e [v1.x] fix: add missing size field to ResourceSchema (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/2a158513028d9f862c4188b6957e78cd5663f26b\"\u003e\u003ccode\u003e2a15851\u003c/code\u003e\u003c/a\u003e [v1.x] fix: disallow null (infinite) requested TTL (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1339\"\u003e#1339\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/13e30f1d36de8442417fec695983bdb155c00768\"\u003e\u003ccode\u003e13e30f1\u003c/code\u003e\u003c/a\u003e fix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1749\"\u003e#1749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0565695218544fc53e99bf5b544a887d373cefa\"\u003e\u003ccode\u003ea056569\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.28.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1746\"\u003e#1746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.15.1...v1.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~pcarleton\"\u003epcarleton\u003c/a\u003e, a new releaser for \u003ccode\u003e@​modelcontextprotocol/sdk\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@opentelemetry/sdk-node` from 0.52.1 to 0.218.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/releases\"\u003e@​opentelemetry/sdk-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eexperimental/v0.218.0\u003c/h2\u003e\n\u003ch2\u003e0.218.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs metrics serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6629\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): show all config validation errors, if there are multiple \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6683\"\u003e#6683\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): allow startNodeSDK() without an arg \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6688\"\u003e#6688\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6691\"\u003e#6691\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(sdk-logs): use \u003ccode\u003eLogger.enabled()\u003c/code\u003e within \u003ccode\u003eLogger.emit()\u003c/code\u003e implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6680\"\u003e#6680\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.217.0\u003c/h2\u003e\n\u003ch2\u003e0.217.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs trace serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6625\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using \u003ccode\u003ejson-schema-to-typescript\u003c/code\u003e and \u003ccode\u003eajv\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6533\"\u003e#6533\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration, sdk-node): \u003ccode\u003estartNodeSDK()\u003c/code\u003e code path now uses \u003ccode\u003elog_level\u003c/code\u003e configuration to setup a DiagConsoleLogger \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6668\"\u003e#6668\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eNote that allowed values for \u003ccode\u003elog_level\u003c/code\u003e in a configuration YAML file are \u003cem\u003enot\u003c/em\u003e the same set as for \u003ccode\u003eOTEL_LOG_LEVEL\u003c/code\u003e. Use \u003ccode\u003elog_level: trace\u003c/code\u003e to see \u003cem\u003eall\u003c/em\u003e logs (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=ALL\u003c/code\u003e). Use \u003ccode\u003elog_level: fatal\u003c/code\u003e to effectively disable the SDK's internal diagnostic logger (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=NONE\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eIf \u003ccode\u003elog_level\u003c/code\u003e is not specified, a diagnostic console logger at \u0026quot;info\u0026quot; level will be setup.\u003c/li\u003e\n\u003cli\u003eAn invalid YAML config file will now result in a noop OTel SDK.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(configuration): do not validate \u003ccode\u003eOTEL_CONFIG_FILE\u003c/code\u003e value before using it for file config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6643\"\u003e#6643\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6650\"\u003e#6650\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6657\"\u003e#6657\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve handling of enums in generated types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6659\"\u003e#6659\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve the technique for removing '| null' on types the JSON Schema \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6662\"\u003e#6662\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sampler-jaeger-remote): add missing axios dep \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6656\"\u003e#6656\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6674\"\u003e#6674\u003c/a\u003e \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.216.0\u003c/h2\u003e\n\u003ch2\u003e0.216.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sdk-node): wire attribute_keys from declarative configuration to ViewOptions.attributesProcessors \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6427\"\u003e#6427\u003c/a\u003e \u003ca href=\"https://github.com/ravitheja4531-cell\"\u003e\u003ccode\u003e@​ravitheja4531-cell\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): set TracerProvider in startNodeSDK() \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6607\"\u003e#6607\u003c/a\u003e \u003ca href=\"https://github.com/maryliag\"\u003e\u003ccode\u003e@​maryliag\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(instrumentation-xml-http-request): avoid unwrapping \u003ccode\u003eXMLHttpRequest\u003c/code\u003e API when disabling \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6611\"\u003e#6611\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(instrumentation-fetch): tolerate non-writable \u003ccode\u003eglobalThis.fetch\u003c/code\u003e and fix premature \u003ccode\u003e_isEnabled\u003c/code\u003e / \u003ccode\u003e_isFetchPatched\u003c/code\u003e flips in \u003ccode\u003eenable()\u003c/code\u003e \u003ca href=\"https://github.com/brunorodmoreira\"\u003e\u003ccode\u003e@​brunorodmoreira\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/06ad0eaaecbd49f5ead871325f852cc2a3454079\"\u003e\u003ccode\u003e06ad0ea\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6703\"\u003e#6703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/38ca257e64ebd13f5603d5539f8a48d6d9232037\"\u003e\u003ccode\u003e38ca257\u003c/code\u003e\u003c/a\u003e feat(otlp-transformer): replace protobufjs metrics serialization with custom ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/013c60085b84351a4c1e4e4f79e3dd67c56661cd\"\u003e\u003ccode\u003e013c600\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6699\"\u003e#6699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/b7a0c63bde39d7916fdb73cbb3d64cf1c93282c5\"\u003e\u003ccode\u003eb7a0c63\u003c/code\u003e\u003c/a\u003e feat(semantic-conventions): update semantic conventions to v1.41.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6695\"\u003e#6695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/774143b2c6667c6537c000ab48ea5ce998278ca0\"\u003e\u003ccode\u003e774143b\u003c/code\u003e\u003c/a\u003e chore(renovate): add minimumReleaseAge to config (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6697\"\u003e#6697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/e0dafe0d9fadaccf7dd8d7b02dd85531356e2ac1\"\u003e\u003ccode\u003ee0dafe0\u003c/code\u003e\u003c/a\u003e fix(otlp-exporter-base): remove brackets from IPv6 hostname in HTTP transport...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/f804c93d1d6d903036b8bf38f8c3713dbbaf0360\"\u003e\u003ccode\u003ef804c93\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action digest to 68bde55 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6682\"\u003e#6682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/95e48e7afcc475ded350b95b43070c54591ecbbb\"\u003e\u003ccode\u003e95e48e7\u003c/code\u003e\u003c/a\u003e refactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/907b627d9ada25844b0f06551ecd9bbda5c0ea4f\"\u003e\u003ccode\u003e907b627\u003c/code\u003e\u003c/a\u003e feat(sdk-node): allow startNodeSDK() without an arg (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6688\"\u003e#6688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/0d1526198fafe7f90078ff353103d0427e6c64d4\"\u003e\u003ccode\u003e0d15261\u003c/code\u003e\u003c/a\u003e docs: Add SIG meeting info and welcoming language (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6689\"\u003e#6689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.52.1...experimental/v0.218.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​opentelemetry/sdk-node\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.17.1 to 8.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/f06766f33ed7291f84c19f22a1286a34475fbdaf\"\u003e\u003ccode\u003ef06766f\u003c/code\u003e\u003c/a\u003e feat: allow tree-shaking by adding ``\u0026quot;sideEffects\u0026quot;: false\u003ccode\u003eto\u003c/code\u003epackage.json` ...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `simple-git` from 3.28.0 to 3.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/releases\"\u003esimple-git's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esimple-git@3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.33.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea263635: Use \u003ccode\u003epathspec\u003c/code\u003e wrappers for remote and local paths when running either \u003ccode\u003egit.clone\u003c/code\u003e or \u003ccode\u003egit.mirror\u003c/code\u003e to\navoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ee253a0d: Enhanced \u003ccode\u003egit -c\u003c/code\u003e checks in \u003ccode\u003eunsafe\u003c/code\u003e plugin.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/JohannesLks\"\u003e\u003ccode\u003e@​JohannesLks\u003c/code\u003e\u003c/a\u003e for identifying the issue\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.32.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ef704208: Enhanced \u003ccode\u003eprotocol.allow\u003c/code\u003e checks in \u003ccode\u003eallowUnsafeExtProtocol\u003c/code\u003e handling.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md\"\u003esimple-git's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e3d8708b: Updating publish config\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [3d8708b]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.34.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/7dc1a532a9ec92fb08c93202954be73175b07d83\"\u003e\u003ccode\u003e7dc1a53\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/76f5376bd418cb8baf5ec32757af442d47128e22\"\u003e\u003ccode\u003e76f5376\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1061\"\u003e#1061\u003c/a\u003e from Vinzent03/fix/buffer-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/89a2294febed5dfe737c4c735d936bb6018746a8\"\u003e\u003ccode\u003e89a2294\u003c/code\u003e\u003c/a\u003e Environment Parsing (\u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1156\"\u003e#1156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/1b91b762f047777ca6686f34ac3f7b8a543a4780\"\u003e\u003ccode\u003e1b91b76\u003c/code\u003e\u003c/a\u003e fix: remove explicit node:buffer import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/e390685960a3461875dce89d87ab80e3143d79fe\"\u003e\u003ccode\u003ee390685\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/3c9e4b8309667d0cb4102cda770f92075fc781dd\"\u003e\u003ccode\u003e3c9e4b8\u003c/code\u003e\u003c/a\u003e Pin version of \u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/94ee21fd5a2a6182fbf0f218a5efca2057b567cd\"\u003e\u003ccode\u003e94ee21f\u003c/code\u003e\u003c/a\u003e Export \u003ccode\u003epathspec\u003c/code\u003e types through \u003ccode\u003esimple-git\u003c/code\u003e for backward compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/6d7cb5174273aa33d131172d3770cb386e795171\"\u003e\u003ccode\u003e6d7cb51\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/0de400e7b014a48113acf673b3409a95b9c87a15\"\u003e\u003ccode\u003e0de400e\u003c/code\u003e\u003c/a\u003e Switch to semver from workspace revisions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/2264722abcb637042dd4cc50d903d69e4ee14b38\"\u003e\u003ccode\u003e2264722\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/steveukx/git-js/commits/simple-git@3.36.0/simple-git\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for simple-git since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.10.0 to 7.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport 401 stream-backed body fix to v7.x by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5006\"\u003enodejs/undici#5006\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update broken links in file \u0026quot;Dispatcher.md\u0026quot; by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: remove unused parameter \u003ccode\u003eredirectionLimitReached\u003c/code\u003e by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4933\"\u003enodejs/undici#4933\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip flaky macOS Node 20 cookie fetch cases by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4932\"\u003enodejs/undici#4932\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): align Response with DOM fetch types by \u003ca href=\"https://github.com/theamodhshetty\"\u003e\u003ccode\u003e@​theamodhshetty\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4867\"\u003enodejs/undici#4867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): Fix clone method type declaration to be an instance method rather than instance property by \u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip IPv6 tests when IPv6 is not available by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4939\"\u003enodejs/undici#4939\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: correctly handle multi-value rawHeaders in fetch by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4938\"\u003enodejs/undici#4938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eignore AGENTS.md by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4942\"\u003enodejs/undici#4942\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(test): client wasm compatible with clang 22 by \u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mock): improve error message when intercepts are exhausted by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4912\"\u003enodejs/undici#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(websocket): support open diagnostics over h2 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4921\"\u003enodejs/undici#4921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: assume http/https scheme for scheme-less proxy env vars by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4914\"\u003enodejs/undici#4914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cache): check Authorization on request headers per RFC 9111 §3.5 by \u003ca href=\"https://github.com/metalix2\"\u003e\u003ccode\u003e@​metalix2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4911\"\u003enodejs/undici#4911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: wrap kConnector call in try/catch to prevent client hang by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify fetch and FormData pairing by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4922\"\u003enodejs/undici#4922\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: support Connection header with connection-specific header names per RFC 7230 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4775\"\u003enodejs/undici#4775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid prototype collisions in parseHeaders by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4923\"\u003enodejs/undici#4923\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump typescript from 5.9.3 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4926\"\u003enodejs/undici#4926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: auto-init WPT submodule by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4930\"\u003enodejs/undici#4930\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/12d9045923b7caebb1ae6975ef34c29dbcfd95d0\"\u003e\u003ccode\u003e12d9045\u003c/code\u003e\u003c/a\u003e Bumped v7.25.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7a6f7febb30a30748a04f38c21e3641c77d21b0e\"\u003e\u003ccode\u003e7a6f7fe\u003c/code\u003e\u003c/a\u003e Bumped v7.24.8 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5020\"\u003e#5020\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1f85ae4b27ed6401e7ccc35eb546ad2e5976121f\"\u003e\u003ccode\u003e1f85ae4\u003c/code\u003e\u003c/a\u003e fix: avoid 401 failures for stream-backed request bodies (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4941\"\u003e#4941\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5006\"\u003e#5006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c6610674dfad7c205ddf0f27831133973ad7894e\"\u003e\u003ccode\u003ec661067\u003c/code\u003e\u003c/a\u003e chore: update v7.x maintenance release flow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84f23e2a19cd0f585579c4257d801e4ec2d65dbd\"\u003e\u003ccode\u003e84f23e2\u003c/code\u003e\u003c/a\u003e Bumped v7.24.7 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4947\"\u003e#4947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a770b1033201984b9e8082a9bf955414bff5dc2e\"\u003e\u003ccode\u003ea770b10\u003c/code\u003e\u003c/a\u003e ignore AGENTS.md (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4942\"\u003e#4942\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/6acd19beaf67c1a2d07bcd38f40d0b751a81e7cc\"\u003e\u003ccode\u003e6acd19b\u003c/code\u003e\u003c/a\u003e fix: correctly handle multi-value rawHeaders in fetch (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4938\"\u003e#4938\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1da1c747c7d6e01b93ab295e0efb86623f3c8e06\"\u003e\u003ccode\u003e1da1c74\u003c/code\u003e\u003c/a\u003e test: skip IPv6 tests when IPv6 is not available (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4939\"\u003e#4939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/04cb77327f7ada95c2e5b67424cddcb22d7bf882\"\u003e\u003ccode\u003e04cb773\u003c/code\u003e\u003c/a\u003e fix(types): Fix clone method type declaration to be an instance method rather...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5145a7c47080d1715b2723591def3a75b0c3ba63\"\u003e\u003ccode\u003e5145a7c\u003c/code\u003e\u003c/a\u003e fix(types): align Response with DOM fetch types (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4867\"\u003e#4867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.10.0...v7.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 l...\n\n_Description has been truncated_","html_url":"https://github.com/ahump20/gemini-cli/pull/24","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahump20%2Fgemini-cli/issues/24","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/24/packages"},{"uuid":"4434883572","node_id":"PR_kwDOPT2Fs87a9f30","number":33,"state":"open","title":"build(deps): bump the npm_and_yarn group across 3 directories with 17 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":6,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-13T04:43:07.000Z","updated_at":"2026-05-13T04:46:59.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"npm_and_yarn","update_count":17,"packages":[{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"diff","old_version":"7.0.0","new_version":"9.0.0","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"@modelcontextprotocol/sdk","old_version":"1.15.1","new_version":"1.29.0","repository_url":"https://github.com/modelcontextprotocol/typescript-sdk"},{"name":"@opentelemetry/sdk-node","old_version":"0.52.1","new_version":"0.217.0","repository_url":"https://github.com/open-telemetry/opentelemetry-js"},{"name":"ajv","old_version":"8.17.1","new_version":"8.18.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"simple-git","old_version":"3.28.0","new_version":"3.36.0","repository_url":"https://github.com/steveukx/git-js"},{"name":"undici","old_version":"7.10.0","new_version":"7.25.0","repository_url":"https://github.com/nodejs/undici"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"jws","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"path-to-regexp","old_version":"8.2.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"picomatch","old_version":"4.0.2","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"4.44.0","new_version":"4.60.3","repository_url":"https://github.com/rollup/rollup"},{"name":"vite","old_version":"7.0.0","new_version":"7.3.3","repository_url":"https://github.com/vitejs/vite"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 16 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [diff](https://github.com/kpdecker/jsdiff) | `7.0.0` | `9.0.0` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.15.1` | `1.29.0` |\n| [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js) | `0.52.1` | `0.217.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.18.0` |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.36.0` |\n| [undici](https://github.com/nodejs/undici) | `7.10.0` | `7.25.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.2.0` | `8.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.2` | `4.0.4` |\n| [rollup](https://github.com/rollup/rollup) | `4.44.0` | `4.60.3` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.0.0` | `7.3.3` |\n\nBumps the npm_and_yarn group with 10 updates in the /packages/core directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [diff](https://github.com/kpdecker/jsdiff) | `7.0.0` | `8.0.3` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.12.3` | `1.29.0` |\n| [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js) | `0.52.1` | `0.217.0` |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.36.0` |\n| [undici](https://github.com/nodejs/undici) | `7.10.0` | `7.24.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.2` | `2.1.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [rollup](https://github.com/rollup/rollup) | `4.43.0` | `4.60.3` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.3.5` | `7.3.3` |\n\nBumps the npm_and_yarn group with 7 updates in the /packages/vscode-ide-companion directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.15.1` | `1.26.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.2` | `2.1.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.2.0` | `8.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `diff` from 7.0.0 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.0\u003c/h2\u003e\n\u003cp\u003e(All changes part of PR \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/672\"\u003e#672\u003c/a\u003e.)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eES5 support is dropped\u003c/strong\u003e. \u003ccode\u003eparsePatch\u003c/code\u003e now uses \u003ccode\u003eTextDecoder\u003c/code\u003e and \u003ccode\u003eUint8Array\u003c/code\u003e, which are not available in ES5, and TypeScript is now compiled with the \u0026quot;es6\u0026quot; \u003ccode\u003etarget\u003c/code\u003e. From now on, I intend to freely use any features that are deemed \u0026quot;Widely available\u0026quot; by \u003ca href=\"https://web.dev/baseline\"\u003eBaseline\u003c/a\u003e. Users who need ES5 support should stick to version 8.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eC-style quoted strings in filename headers are now properly supported\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eWhen the name of either the old or new file in a patch contains \u0026quot;special characters\u0026quot;, both GNU \u003ccode\u003ediff\u003c/code\u003e and Git quote the filename in the patch's headers and escape special characters using the same escape sequences that are used in string literals in C, including octal escapes for all non-ASCII characters. Previously, jsdiff had very little support for this; \u003ccode\u003eparsePatch\u003c/code\u003e would remove the quotes, and unescape any escaped backslashes, but would not unescape other escape sequences. \u003ccode\u003eformatPatch\u003c/code\u003e, meanwhile, did not quote or escape special characters at all.\u003c/p\u003e\n\u003cp\u003eNow, \u003ccode\u003eparsePatch\u003c/code\u003e parses all the possible escape sequences that GNU diff (or Git) ever output, and \u003ccode\u003eformatPatch\u003c/code\u003e quotes and escapes filenames containing special characters in the same way GNU diff does.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now omits file headers when \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e in the provided patch object are \u003ccode\u003eundefined\u003c/code\u003e\u003c/strong\u003e, regardless of the \u003ccode\u003eheaderOptions\u003c/code\u003e parameter. (Previously, it would treat the absence of \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e as indicating the filename was the word \u0026quot;undefined\u0026quot; and emit headers \u003ccode\u003e--- undefined\u003c/code\u003e / \u003ccode\u003e+++ undefined\u003c/code\u003e.)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer outputs trailing tab characters at the end of \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e headers.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePreviously, if \u003ccode\u003eformatPatch\u003c/code\u003e was passed a patch object to serialize that had empty strings for the \u003ccode\u003eoldHeader\u003c/code\u003e or \u003ccode\u003enewHeader\u003c/code\u003e property, it would include a trailing tab character after the filename in the \u003ccode\u003e---\u003c/code\u003e and/or \u003ccode\u003e+++\u003c/code\u003e file header. Now, this scenario is treated the same as when \u003ccode\u003eoldHeader\u003c/code\u003e/\u003ccode\u003enewHeader\u003c/code\u003e is \u003ccode\u003eundefined\u003c/code\u003e - i.e. the trailing tab is omitted.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer mutates its input\u003c/strong\u003e when serializing a patch containing a hunk where either the old or new content contained zero lines. (Such a hunk occurs only when the hunk has no context lines and represents a pure insertion or pure deletion, which for instance will occur whenever one of the two files being diffed is completely empty.) Previously \u003ccode\u003eformatPatch\u003c/code\u003e would provide the correct output but also mutate the \u003ccode\u003eoldLines\u003c/code\u003e or \u003ccode\u003enewLines\u003c/code\u003e property on the hunk, changing the meaning of the underlying patch.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eGit-style patches are now supported by \u003ccode\u003eparsePatch\u003c/code\u003e, \u003ccode\u003eformatPatch\u003c/code\u003e, and \u003ccode\u003ereversePatch\u003c/code\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003ePatches output by \u003ccode\u003egit diff\u003c/code\u003e can include some features that are unlike those output by GNU \u003ccode\u003ediff\u003c/code\u003e, and therefore not handled by an ordinary unified diff format parser. An ordinary diff simply describes the differences between the \u003cem\u003econtent\u003c/em\u003e of two files, but Git diffs can also indicate, via \u0026quot;extended headers\u0026quot;, the creation or deletion of (potentially empty) files, indicate that a file was renamed, and contain information about file mode changes. Furthermore, when these changes appear in a diff in the absence of a content change (e.g. when an empty file is created, or a file is renamed without content changes), the patch will contain no associated \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e file headers nor any hunks.\u003c/p\u003e\n\u003cp\u003ejsdiff previously did not support parsing Git's extended headers, nor hunkless patches. Now \u003ccode\u003eparsePatch\u003c/code\u003e parses some of the extended headers, parses hunkless Git patches, and can determine filenames (e.g. from the extended headers) when parsing a patch that includes no \u003ccode\u003e---\u003c/code\u003e or \u003ccode\u003e+++\u003c/code\u003e file headers. The additional information conveyed by the extended headers we support is recorded on new fields on the result object returned by \u003ccode\u003eparsePatch\u003c/code\u003e. See \u003ccode\u003eisGit\u003c/code\u003e and subsequent properties in the docs in the README.md file.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now outputs extended headers based on these new Git-specific properties, and \u003ccode\u003ereversePatch\u003c/code\u003e respects them as far as possible (with one unavoidable caveat noted in the README.md file).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eUnpaired file headers now cause \u003ccode\u003eparsePatch\u003c/code\u003e to throw\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eIt remains acceptable to have a patch with no file headers whatsoever (e.g. one that begins with a \u003ccode\u003e@@\u003c/code\u003e hunk header on the very first line), but a patch with \u003cem\u003eonly\u003c/em\u003e a \u003ccode\u003e---\u003c/code\u003e header or only a \u003ccode\u003e+++\u003c/code\u003e header is now considered an error.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eparsePatch\u003c/code\u003e is now more tolerant of \u0026quot;trailing garbage\u0026quot;\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThat is: after a patch, or between files/indexes in a patch, it is now acceptable to have arbitrary lines of \u0026quot;garbage\u0026quot; (so long as they unambiguously have no syntactic meaning - e.g. trailing garbage that leads with a \u003ccode\u003e+\u003c/code\u003e, \u003ccode\u003e-\u003c/code\u003e, or \u003ccode\u003e \u003c/code\u003e and thus is interpretable as part of a hunk still triggers a throw).\u003c/p\u003e\n\u003cp\u003eThis means we no longer reject patches output by tools that include extra data in \u0026quot;garbage\u0026quot; lines not understood by generic unified diff parsers. (For example, SVN patches can include \u0026quot;Property changes on:\u0026quot; lines that generic unified diff parsers should discard as garbage; jsdiff previously threw errors when encountering them.)\u003c/p\u003e\n\u003cp\u003eThis change brings jsdiff's behaviour more in line with GNU \u003ccode\u003epatch\u003c/code\u003e, which is highly permissive of \u0026quot;garbage\u0026quot;.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThe \u003ccode\u003eoldFileName\u003c/code\u003e and \u003ccode\u003enewFileName\u003c/code\u003e fields of \u003ccode\u003eStructuredPatch\u003c/code\u003e are now typed as \u003ccode\u003estring | undefined\u003c/code\u003e instead of \u003ccode\u003estring\u003c/code\u003e\u003c/strong\u003e. This type change reflects the (pre-existing) reality that \u003ccode\u003eparsePatch\u003c/code\u003e can produce patches without filenames (e.g. when parsing a patch that simply contains hunks with no file headers).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/667\"\u003e#667\u003c/a\u003e - \u003cstrong\u003efix another bug in \u003ccode\u003ediffWords\u003c/code\u003e when used with an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e\u003c/strong\u003e. If the text to be diffed included a combining mark after a whitespace character (i.e. roughly speaking, an accented space), \u003ccode\u003ediffWords\u003c/code\u003e would previously crash. Now this case is handled correctly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/631\"\u003e#631\u003c/a\u003e - \u003cstrong\u003efix support for using an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e with \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e. This has been almost completely broken since the feature was added in v6.0.0, since it would outright crash on any text that featured two consecutive newlines between a pair of words (a very common case).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/635\"\u003e#635\u003c/a\u003e - \u003cstrong\u003esmall tweaks to tokenization behaviour of \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e when used \u003cem\u003ewithout\u003c/em\u003e an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e. Specifically, the soft hyphen (U+00AD) is no longer considered to be a word break, and the multiplication and division signs (\u003ccode\u003e×\u003c/code\u003e and \u003ccode\u003e÷\u003c/code\u003e) are now treated as punctuation instead of as letters / word characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/ed13aca03aa25735fafc0645d1185e7a1c68fd8c\"\u003e\u003ccode\u003eed13aca\u003c/code\u003e\u003c/a\u003e Update version in package.json and in release notes (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/683\"\u003e#683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/7a49317b503a932b88fc72ad9c57a481df038e24\"\u003e\u003ccode\u003e7a49317\u003c/code\u003e\u003c/a\u003e Bump dependencies again (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/682\"\u003e#682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/afe5aecad189c9f5941ad3feb3c94c46b32ecb0a\"\u003e\u003ccode\u003eafe5aec\u003c/code\u003e\u003c/a\u003e Add Git support, and otherwise variously improve \u0026amp; fix parsePatch (and other ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/2e46779d8866ce7da1303a03db33ed038590c6f6\"\u003e\u003ccode\u003e2e46779\u003c/code\u003e\u003c/a\u003e Fix a typo (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/679\"\u003e#679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/dd2f99497703a1540b2ae406b51c49b74b5fc1a1\"\u003e\u003ccode\u003edd2f994\u003c/code\u003e\u003c/a\u003e 8.0.4 release (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/678\"\u003e#678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/3cc438434db53c5d1c40412b727ea7650f6f145a\"\u003e\u003ccode\u003e3cc4384\u003c/code\u003e\u003c/a\u003e Update docs on releasing to reflect migration to yarn berry (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/6fc2aa6b7672af08774b50aae00d97b99c5b5715\"\u003e\u003ccode\u003e6fc2aa6\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/af7393ac3404565dc8da655c2e7aeeed28c01ff7\"\u003e\u003ccode\u003eaf7393a\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4b5d1800370bf29b61a3378fb8086aeb231d3ef7\"\u003e\u003ccode\u003e4b5d180\u003c/code\u003e\u003c/a\u003e Fix another bug in diffWords's \u0026quot;intlSegmenter\u0026quot; mode (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/10da50c466709e7bd4b192dac96af0af46f8b7bd\"\u003e\u003ccode\u003e10da50c\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/666\"\u003e#666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/7.0.0...v9.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@modelcontextprotocol/sdk` from 1.15.1 to 1.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"\u003e@​modelcontextprotocol/sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.29.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1749\"\u003emodelcontextprotocol/typescript-sdk#1749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: disallow null (infinite) requested TTL by \u003ca href=\"https://github.com/LucaButBoring\"\u003e\u003ccode\u003e@​LucaButBoring\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1339\"\u003emodelcontextprotocol/typescript-sdk#1339\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: add missing size field to ResourceSchema by \u003ca href=\"https://github.com/olaservo\"\u003e\u003ccode\u003e@​olaservo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1575\"\u003emodelcontextprotocol/typescript-sdk#1575\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd typings exports by \u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x npm audit fix by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1780\"\u003emodelcontextprotocol/typescript-sdk#1780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1773\"\u003emodelcontextprotocol/typescript-sdk#1773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Allow servers / clients to advertise extensions in the capability object by \u003ca href=\"https://github.com/localden\"\u003e\u003ccode\u003e@​localden\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1811\"\u003emodelcontextprotocol/typescript-sdk#1811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(stdio): always set windowsHide on Windows, not just in Electron by \u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.29.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1820\"\u003emodelcontextprotocol/typescript-sdk#1820\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.28.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: use scopes_supported from resource metadata by default (fixes \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/580\"\u003e#580\u003c/a\u003e) by \u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1611\"\u003emodelcontextprotocol/typescript-sdk#1611\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: reject plain JSON Schema objects passed as inputSchema by \u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: clear _timeoutInfo in _onclose() and scope .finally() abort controller cleanup by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1462\"\u003emodelcontextprotocol/typescript-sdk#1462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(server/auth): RFC 8252 loopback port relaxation by \u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.28.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1746\"\u003emodelcontextprotocol/typescript-sdk#1746\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: implement auth/pre-registration conformance scenario by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1545\"\u003emodelcontextprotocol/typescript-sdk#1545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add governance documentation for SEP-1730 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1547\"\u003emodelcontextprotocol/typescript-sdk#1547\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: comprehensive feature documentation for SEP-1730 Tier 1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1548\"\u003emodelcontextprotocol/typescript-sdk#1548\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent command injection in example URL opening (v1.x backport) by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1579\"\u003emodelcontextprotocol/typescript-sdk#1579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: call onerror for silently swallowed transport errors by \u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.27.1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1581\"\u003emodelcontextprotocol/typescript-sdk#1581\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/e12cbd7078db388152f6e839abdbe09ba01f3f32\"\u003e\u003ccode\u003ee12cbd7\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.29.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/3913fd4443a86536155e3ebef9edd2045c372c1e\"\u003e\u003ccode\u003e3913fd4\u003c/code\u003e\u003c/a\u003e fix(stdio): always set windowsHide on Windows, not just in Electron (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1640\"\u003e#1640\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/5608e78dd0d4ca6cd7dd03278419578f1780365a\"\u003e\u003ccode\u003e5608e78\u003c/code\u003e\u003c/a\u003e [v1.x backport] Allow servers / clients to advertise extensions in the capabi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/7213816788e634ffb9d09affe50f0295093bfb73\"\u003e\u003ccode\u003e7213816\u003c/code\u003e\u003c/a\u003e v1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1773\"\u003e#1773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/364f38ca2d8895aed7c37b7a0a1031bb7ae4841c\"\u003e\u003ccode\u003e364f38c\u003c/code\u003e\u003c/a\u003e v1.x npm audit fix (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/c95cc0943b045517e4cc414baf1f168b216c3142\"\u003e\u003ccode\u003ec95cc09\u003c/code\u003e\u003c/a\u003e Add typings exports (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/ddadaa6cc633fb5db0c094bf031b15b68a357820\"\u003e\u003ccode\u003eddadaa6\u003c/code\u003e\u003c/a\u003e [v1.x] fix: add missing size field to ResourceSchema (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/2a158513028d9f862c4188b6957e78cd5663f26b\"\u003e\u003ccode\u003e2a15851\u003c/code\u003e\u003c/a\u003e [v1.x] fix: disallow null (infinite) requested TTL (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1339\"\u003e#1339\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/13e30f1d36de8442417fec695983bdb155c00768\"\u003e\u003ccode\u003e13e30f1\u003c/code\u003e\u003c/a\u003e fix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1749\"\u003e#1749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0565695218544fc53e99bf5b544a887d373cefa\"\u003e\u003ccode\u003ea056569\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.28.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1746\"\u003e#1746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.15.1...v1.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~pcarleton\"\u003epcarleton\u003c/a\u003e, a new releaser for \u003ccode\u003e@​modelcontextprotocol/sdk\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@opentelemetry/sdk-node` from 0.52.1 to 0.217.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/releases\"\u003e@​opentelemetry/sdk-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eexperimental/v0.217.0\u003c/h2\u003e\n\u003ch2\u003e0.217.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs trace serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6625\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using \u003ccode\u003ejson-schema-to-typescript\u003c/code\u003e and \u003ccode\u003eajv\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6533\"\u003e#6533\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration, sdk-node): \u003ccode\u003estartNodeSDK()\u003c/code\u003e code path now uses \u003ccode\u003elog_level\u003c/code\u003e configuration to setup a DiagConsoleLogger \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6668\"\u003e#6668\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eNote that allowed values for \u003ccode\u003elog_level\u003c/code\u003e in a configuration YAML file are \u003cem\u003enot\u003c/em\u003e the same set as for \u003ccode\u003eOTEL_LOG_LEVEL\u003c/code\u003e. Use \u003ccode\u003elog_level: trace\u003c/code\u003e to see \u003cem\u003eall\u003c/em\u003e logs (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=ALL\u003c/code\u003e). Use \u003ccode\u003elog_level: fatal\u003c/code\u003e to effectively disable the SDK's internal diagnostic logger (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=NONE\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eIf \u003ccode\u003elog_level\u003c/code\u003e is not specified, a diagnostic console logger at \u0026quot;info\u0026quot; level will be setup.\u003c/li\u003e\n\u003cli\u003eAn invalid YAML config file will now result in a noop OTel SDK.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(configuration): do not validate \u003ccode\u003eOTEL_CONFIG_FILE\u003c/code\u003e value before using it for file config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6643\"\u003e#6643\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6650\"\u003e#6650\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6657\"\u003e#6657\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve handling of enums in generated types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6659\"\u003e#6659\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve the technique for removing '| null' on types the JSON Schema \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6662\"\u003e#6662\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sampler-jaeger-remote): add missing axios dep \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6656\"\u003e#6656\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6674\"\u003e#6674\u003c/a\u003e \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.216.0\u003c/h2\u003e\n\u003ch2\u003e0.216.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sdk-node): wire attribute_keys from declarative configuration to ViewOptions.attributesProcessors \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6427\"\u003e#6427\u003c/a\u003e \u003ca href=\"https://github.com/ravitheja4531-cell\"\u003e\u003ccode\u003e@​ravitheja4531-cell\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): set TracerProvider in startNodeSDK() \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6607\"\u003e#6607\u003c/a\u003e \u003ca href=\"https://github.com/maryliag\"\u003e\u003ccode\u003e@​maryliag\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(instrumentation-xml-http-request): avoid unwrapping \u003ccode\u003eXMLHttpRequest\u003c/code\u003e API when disabling \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6611\"\u003e#6611\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(instrumentation-fetch): tolerate non-writable \u003ccode\u003eglobalThis.fetch\u003c/code\u003e and fix premature \u003ccode\u003e_isEnabled\u003c/code\u003e / \u003ccode\u003e_isFetchPatched\u003c/code\u003e flips in \u003ccode\u003eenable()\u003c/code\u003e \u003ca href=\"https://github.com/brunorodmoreira\"\u003e\u003ccode\u003e@​brunorodmoreira\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(instrumentation-xhr): resolve relative URLs before matching \u003ccode\u003eignoreUrls\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6551\"\u003e#6551\u003c/a\u003e \u003ca href=\"https://github.com/Maximiliano-Zeballos\"\u003e\u003ccode\u003e@​Maximiliano-Zeballos\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sdk-node): fix setting of ViewOption#name from ConfigurationModel \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6620\"\u003e#6620\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(web-common): add limit for timeout \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6601\"\u003e#6601\u003c/a\u003e \u003ca href=\"https://github.com/maryliag\"\u003e\u003ccode\u003e@​maryliag\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(otlp-transformer): pin protobufjs@8.0.1 as protobufjs@8.0.3 is broken for browser use \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6646\"\u003e#6646\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003etest(otlp-transformer): add metrics transform benchmark \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6628\"\u003e#6628\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(opentelemetry-exporter-prometheus): do not call enforcePrometheusNamingConvention() multiple times per metric \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6636\"\u003e#6636\u003c/a\u003e \u003ca href=\"https://github.com/cjihrig\"\u003e\u003ccode\u003e@​cjihrig\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.215.0\u003c/h2\u003e\n\u003ch2\u003e0.215.0\u003c/h2\u003e\n\u003ch3\u003e:boom: Breaking Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/74cde1b674508ccc0ed2601ac43a80ff2d35114c\"\u003e\u003ccode\u003e74cde1b\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6675\"\u003e#6675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/e8f439adcbec23261d26fcc205f4d2a6d74f16c7\"\u003e\u003ccode\u003ee8f439a\u003c/code\u003e\u003c/a\u003e fix: handle malformed URLs in Prometheus exporter request handler (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6674\"\u003e#6674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/ab3a2e280e589a43d705278be5e8c8308b1b4081\"\u003e\u003ccode\u003eab3a2e2\u003c/code\u003e\u003c/a\u003e feat(sdk-node, configuration): diag log handling updates for startNodeSDK(), ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/d5b7d1e5c6cd3c9547137d0cc6a5185b7b5a8155\"\u003e\u003ccode\u003ed5b7d1e\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency axios to v1.15.2 [security] (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6670\"\u003e#6670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/c16361877b77828d324733a4c8bed6d2ed10c884\"\u003e\u003ccode\u003ec163618\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action digest to e46ed2c (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6661\"\u003e#6661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/ec2bfbe0b2afb9d29725140b2d0350e47e23250d\"\u003e\u003ccode\u003eec2bfbe\u003c/code\u003e\u003c/a\u003e chore(configuration): move config generation scripts into the configuration p...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/acc9ecd99591c054e9f3b9d9e36cbd4333bb1411\"\u003e\u003ccode\u003eacc9ecd\u003c/code\u003e\u003c/a\u003e chore(configuration): cosmetic changes to generated types.ts (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6663\"\u003e#6663\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/8f008ece4ee20ad7ef55f673c208010ddb59f751\"\u003e\u003ccode\u003e8f008ec\u003c/code\u003e\u003c/a\u003e chore: Move inactive members to emeritus (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6649\"\u003e#6649\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/435431e4705fd1fb45eec009a3f831b91e6673cd\"\u003e\u003ccode\u003e435431e\u003c/code\u003e\u003c/a\u003e fix(configuration): improve the technique for removing '| null' on types due ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/42220244e99c5ace5c2ac7365d232d3b9d1038b2\"\u003e\u003ccode\u003e4222024\u003c/code\u003e\u003c/a\u003e fix(configuration): improve handling of enums in generated types (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6659\"\u003e#6659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.52.1...experimental/v0.217.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​opentelemetry/sdk-node\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.17.1 to 8.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/f06766f33ed7291f84c19f22a1286a34475fbdaf\"\u003e\u003ccode\u003ef06766f\u003c/code\u003e\u003c/a\u003e feat: allow tree-shaking by adding ``\u0026quot;sideEffects\u0026quot;: false\u003ccode\u003eto\u003c/code\u003epackage.json` ...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `simple-git` from 3.28.0 to 3.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/releases\"\u003esimple-git's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esimple-git@3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.33.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea263635: Use \u003ccode\u003epathspec\u003c/code\u003e wrappers for remote and local paths when running either \u003ccode\u003egit.clone\u003c/code\u003e or \u003ccode\u003egit.mirror\u003c/code\u003e to\navoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ee253a0d: Enhanced \u003ccode\u003egit -c\u003c/code\u003e checks in \u003ccode\u003eunsafe\u003c/code\u003e plugin.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/JohannesLks\"\u003e\u003ccode\u003e@​JohannesLks\u003c/code\u003e\u003c/a\u003e for identifying the issue\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.32.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ef704208: Enhanced \u003ccode\u003eprotocol.allow\u003c/code\u003e checks in \u003ccode\u003eallowUnsafeExtProtocol\u003c/code\u003e handling.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md\"\u003esimple-git's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e3d8708b: Updating publish config\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [3d8708b]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.34.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/7dc1a532a9ec92fb08c93202954be73175b07d83\"\u003e\u003ccode\u003e7dc1a53\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/76f5376bd418cb8baf5ec32757af442d47128e22\"\u003e\u003ccode\u003e76f5376\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1061\"\u003e#1061\u003c/a\u003e from Vinzent03/fix/buffer-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/89a2294febed5dfe737c4c735d936bb6018746a8\"\u003e\u003ccode\u003e89a2294\u003c/code\u003e\u003c/a\u003e Environment Parsing (\u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1156\"\u003e#1156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/1b91b762f047777ca6686f34ac3f7b8a543a4780\"\u003e\u003ccode\u003e1b91b76\u003c/code\u003e\u003c/a\u003e fix: remove explicit node:buffer import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/e390685960a3461875dce89d87ab80e3143d79fe\"\u003e\u003ccode\u003ee390685\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/3c9e4b8309667d0cb4102cda770f92075fc781dd\"\u003e\u003ccode\u003e3c9e4b8\u003c/code\u003e\u003c/a\u003e Pin version of \u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/94ee21fd5a2a6182fbf0f218a5efca2057b567cd\"\u003e\u003ccode\u003e94ee21f\u003c/code\u003e\u003c/a\u003e Export \u003ccode\u003epathspec\u003c/code\u003e types through \u003ccode\u003esimple-git\u003c/code\u003e for backward compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/6d7cb5174273aa33d131172d3770cb386e795171\"\u003e\u003ccode\u003e6d7cb51\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/0de400e7b014a48113acf673b3409a95b9c87a15\"\u003e\u003ccode\u003e0de400e\u003c/code\u003e\u003c/a\u003e Switch to semver from workspace revisions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/2264722abcb637042dd4cc50d903d69e4ee14b38\"\u003e\u003ccode\u003e2264722\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/steveukx/git-js/commits/simple-git@3.36.0/simple-git\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for simple-git since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.10.0 to 7.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport 401 stream-backed body fix to v7.x by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5006\"\u003enodejs/undici#5006\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update broken links in file \u0026quot;Dispatcher.md\u0026quot; by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: remove unused parameter \u003ccode\u003eredirectionLimitReached\u003c/code\u003e by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4933\"\u003enodejs/undici#4933\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip flaky macOS Node 20 cookie fetch cases by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4932\"\u003enodejs/undici#4932\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): align Response with DOM fetch types by \u003ca href=\"https://github.com/theamodhshetty\"\u003e\u003ccode\u003e@​theamodhshetty\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4867\"\u003enodejs/undici#4867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): Fix clone method type declaration to be an instance method rather than instance property by \u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip IPv6 tests when IPv6 is not available by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4939\"\u003enodejs/undici#4939\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: correctly handle multi-value rawHeaders in fetch by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4938\"\u003enodejs/undici#4938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eignore AGENTS.md by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4942\"\u003enodejs/undici#4942\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(test): client wasm compatible with clang 22 by \u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mock): improve error message when intercepts are exhausted by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4912\"\u003enodejs/undici#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(websocket): support open diagnostics over h2 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4921\"\u003enodejs/undici#4921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: assume http/https scheme for scheme-less proxy env vars by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4914\"\u003enodejs/undici#4914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cache): check Authorization on request headers per RFC 9111 §3.5 by \u003ca href=\"https://github.com/metalix2\"\u003e\u003ccode\u003e@​metalix2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4911\"\u003enodejs/undici#4911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: wrap kConnector call in try/catch to prevent client hang by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify fetch and FormData pairing by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4922\"\u003enodejs/undici#4922\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: support Connection header with connection-specific header names per RFC 7230 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4775\"\u003enodejs/undici#4775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid prototype collisions in parseHeaders by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4923\"\u003enodejs/undici#4923\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump typescript from 5.9.3 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4926\"\u003enodejs/undici#4926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: auto-init WPT submodule by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4930\"\u003enodejs/undici#4930\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/12d9045923b7caebb1ae6975ef34c29dbcfd95d0\"\u003e\u003ccode\u003e12d9045\u003c/code\u003e\u003c/a\u003e Bumped v7.25.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7a6f7febb30a30748a04f38c21e3641c77d21b0e\"\u003e\u003ccode\u003e7a6f7fe\u003c/code\u003e\u003c/a\u003e Bumped v7.24.8 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5020\"\u003e#5020\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1f85ae4b27ed6401e7ccc35eb546ad2e5976121f\"\u003e\u003ccode\u003e1f85ae4\u003c/code\u003e\u003c/a\u003e fix: avoid 401 failures for stream-backed request bodies (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4941\"\u003e#4941\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5006\"\u003e#5006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c6610674dfad7c205ddf0f27831133973ad7894e\"\u003e\u003ccode\u003ec661067\u003c/code\u003e\u003c/a\u003e chore: update v7.x maintenance release flow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84f23e2a19cd0f585579c4257d801e4ec2d65dbd\"\u003e\u003ccode\u003e84f23e2\u003c/code\u003e\u003c/a\u003e Bumped v7.24.7 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4947\"\u003e#4947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a770b1033201984b9e8082a9bf955414bff5dc2e\"\u003e\u003ccode\u003ea770b10\u003c/code\u003e\u003c/a\u003e ignore AGENTS.md (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4942\"\u003e#4942\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/6acd19beaf67c1a2d07bcd38f40d0b751a81e7cc\"\u003e\u003ccode\u003e6acd19b\u003c/code\u003e\u003c/a\u003e fix: correctly handle multi-value rawHeaders in fetch (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4938\"\u003e#4938\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1da1c747c7d6e01b93ab295e0efb86623f3c8e06\"\u003e\u003ccode\u003e1da1c74\u003c/code\u003e\u003c/a\u003e test: skip IPv6 tests when IPv6 is not available (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4939\"\u003e#4939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/04cb77327f7ada95c2e5b67424cddcb22d7bf882\"\u003e\u003ccode\u003e04cb773\u003c/code\u003e\u003c/a\u003e fix(types): Fix clone method type declaration to be an instance method rather...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5145a7c47080d1715b2723591def3a75b0c3ba63\"\u003e\u003ccode\u003e5145a7c\u003c/code\u003e\u003c/a\u003e fix(types): align Response with DOM fetch types (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4867\"\u003e#4867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.10.0...v7.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commi...\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpgrade dependency group across root, core, and VS Code companion to pick up security fixes and keep tooling current. Notable bumps include `lodash` 4.18.1, `diff` 9.x/8.x, `@opentelemetry/sdk-node` 0.217.0, and `@modelcontextprotocol/sdk` 1.29.0 (root/core) and 1.26.0 (VS Code).\n\n- **Dependencies**\n  - `lodash` → 4.18.1 (security fixes for prototype pollution and template injection).\n  - `diff` → 9.0.0 in `packages/cli`, 8.0.3 in `packages/core` (ES5 dropped; better Git patch support; stricter header handling).\n  - `@opentelemetry/sdk-node` → 0.217.0 (updated declarative config, diag logging behavior).\n  - `@modelcontextprotocol/sdk` → 1.29.0 (root/core), `1.26.0` (`packages/vscode-ide-companion`).\n  - Tooling and libs: `simple-git` 3.36.0, `undici` 7.25.0, `rollup` 4.60.3, `vite` 7.3.3, plus minor `minimatch`/`brace-expansion`/`ajv` updates.\n\n- **Migration**\n  - If you use `diff.parsePatch/formatPatch`, review Git-style headers and filename quoting; unpaired headers now throw and filename fields can be `undefined`.\n  - Verify OpenTelemetry config: check `log_level` values and YAML validity (invalid config now yields a noop SDK); confirm tracing/metrics still export.\n  - Reinstall deps and rebuild the workspace to update lockfiles across all packages.\n\n\u003csup\u003eWritten for commit 480058b30dcde60a7280fee00e253c7dc559ce92. Summary will update on new commits.\u003c/sup\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump npm dependencies including `@opentelemetry/sdk-node`, `@modelcontextprotocol/sdk`, `lodash`, and `diff`\n\u003e - Updates `lodash` from `^4.17.21` to `^4.18.1` in the root package\n\u003e - Updates `diff` from `^7.0.0` to `^9.0.0` in `packages/cli` and to `^8.0.3` in `packages/core`\n\u003e - Updates `@opentelemetry/sdk-node` from `^0.52.0` to `^0.217.0` in `packages/core`\n\u003e - Updates `@modelcontextprotocol/sdk` from `^1.15.1` to `^1.26.0` in `packages/vscode-ide-companion`\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized 480058b.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/RemyLoveLogicAI/gemini-cli/pull/33","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/RemyLoveLogicAI%2Fgemini-cli/issues/33","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/33/packages"},{"uuid":"4433525844","node_id":"PR_kwDOPk9Rs87a5QmI","number":26,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 2 directories with 20 updates","user":"dependabot[bot]","labels":["dependencies","javascript","size/S"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-13T00:16:16.000Z","updated_at":"2026-05-13T00:16:21.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":20,"packages":[{"name":"simple-git","old_version":"3.28.0","new_version":"3.36.0","repository_url":"https://github.com/steveukx/git-js"},{"name":"glob","old_version":"10.4.5","new_version":"10.5.0","repository_url":"https://github.com/isaacs/node-glob"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"tar","old_version":"7.4.3","new_version":"7.5.11","repository_url":"https://github.com/isaacs/node-tar"},{"name":"@modelcontextprotocol/sdk","old_version":"1.15.1","new_version":"1.29.0","repository_url":"https://github.com/modelcontextprotocol/typescript-sdk"},{"name":"diff","old_version":"7.0.0","new_version":"9.0.0","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"undici","old_version":"7.10.0","new_version":"7.25.0","repository_url":"https://github.com/nodejs/undici"},{"name":"ajv","old_version":"8.17.1","new_version":"8.18.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"picomatch","old_version":"4.0.3","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"fast-xml-parser","old_version":"4.5.3","new_version":"5.8.0","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"js-yaml","old_version":"4.1.0","new_version":"4.1.1","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jws","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"path-to-regexp","old_version":"8.2.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"rollup","old_version":"4.44.0","new_version":"4.60.3","repository_url":"https://github.com/rollup/rollup"},{"name":"vite","old_version":"7.1.5","new_version":"7.3.3","repository_url":"https://github.com/vitejs/vite"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 19 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.36.0` |\n| [glob](https://github.com/isaacs/node-glob) | `10.4.5` | `10.5.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [tar](https://github.com/isaacs/node-tar) | `7.4.3` | `7.5.11` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.15.1` | `1.29.0` |\n| [diff](https://github.com/kpdecker/jsdiff) | `7.0.0` | `9.0.0` |\n| [undici](https://github.com/nodejs/undici) | `7.10.0` | `7.25.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.18.0` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.5.3` | `5.8.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.2.0` | `8.4.2` |\n| [rollup](https://github.com/rollup/rollup) | `4.44.0` | `4.60.3` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.1.5` | `7.3.3` |\n\nBumps the npm_and_yarn group with 1 update in the /packages/core directory: [diff](https://github.com/kpdecker/jsdiff).\n\nUpdates `simple-git` from 3.28.0 to 3.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/releases\"\u003esimple-git's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esimple-git@3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.33.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea263635: Use \u003ccode\u003epathspec\u003c/code\u003e wrappers for remote and local paths when running either \u003ccode\u003egit.clone\u003c/code\u003e or \u003ccode\u003egit.mirror\u003c/code\u003e to\navoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ee253a0d: Enhanced \u003ccode\u003egit -c\u003c/code\u003e checks in \u003ccode\u003eunsafe\u003c/code\u003e plugin.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/JohannesLks\"\u003e\u003ccode\u003e@​JohannesLks\u003c/code\u003e\u003c/a\u003e for identifying the issue\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.32.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ef704208: Enhanced \u003ccode\u003eprotocol.allow\u003c/code\u003e checks in \u003ccode\u003eallowUnsafeExtProtocol\u003c/code\u003e handling.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md\"\u003esimple-git's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e3d8708b: Updating publish config\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [3d8708b]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.34.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/7dc1a532a9ec92fb08c93202954be73175b07d83\"\u003e\u003ccode\u003e7dc1a53\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/76f5376bd418cb8baf5ec32757af442d47128e22\"\u003e\u003ccode\u003e76f5376\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1061\"\u003e#1061\u003c/a\u003e from Vinzent03/fix/buffer-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/89a2294febed5dfe737c4c735d936bb6018746a8\"\u003e\u003ccode\u003e89a2294\u003c/code\u003e\u003c/a\u003e Environment Parsing (\u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1156\"\u003e#1156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/1b91b762f047777ca6686f34ac3f7b8a543a4780\"\u003e\u003ccode\u003e1b91b76\u003c/code\u003e\u003c/a\u003e fix: remove explicit node:buffer import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/e390685960a3461875dce89d87ab80e3143d79fe\"\u003e\u003ccode\u003ee390685\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/3c9e4b8309667d0cb4102cda770f92075fc781dd\"\u003e\u003ccode\u003e3c9e4b8\u003c/code\u003e\u003c/a\u003e Pin version of \u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/94ee21fd5a2a6182fbf0f218a5efca2057b567cd\"\u003e\u003ccode\u003e94ee21f\u003c/code\u003e\u003c/a\u003e Export \u003ccode\u003epathspec\u003c/code\u003e types through \u003ccode\u003esimple-git\u003c/code\u003e for backward compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/6d7cb5174273aa33d131172d3770cb386e795171\"\u003e\u003ccode\u003e6d7cb51\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/0de400e7b014a48113acf673b3409a95b9c87a15\"\u003e\u003ccode\u003e0de400e\u003c/code\u003e\u003c/a\u003e Switch to semver from workspace revisions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/2264722abcb637042dd4cc50d903d69e4ee14b38\"\u003e\u003ccode\u003e2264722\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/steveukx/git-js/commits/simple-git@3.36.0/simple-git\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for simple-git since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `glob` from 10.4.5 to 10.5.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-glob/commit/56774ef73b495eb0b17cdd0f42921f5ef62297c1\"\u003e\u003ccode\u003e56774ef\u003c/code\u003e\u003c/a\u003e 10.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f\"\u003e\u003ccode\u003e1e4e297\u003c/code\u003e\u003c/a\u003e bin: Do not expose filenames to shell expansion\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/isaacs/node-glob/compare/v10.4.5...v10.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tar` from 7.4.3 to 7.5.11\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md\"\u003etar's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e7.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003ezstd\u003c/code\u003e compression support.\u003c/li\u003e\n\u003cli\u003eConsistent TOCTOU behavior in sync t.list\u003c/li\u003e\n\u003cli\u003eOnly read from ustar block if not specified in Pax\u003c/li\u003e\n\u003cli\u003eFix sync tar.list when file size reduces while reading\u003c/li\u003e\n\u003cli\u003eSanitize absolute linkpaths properly\u003c/li\u003e\n\u003cli\u003ePrevent writing hardlink entries to the archive ahead of their\nfile target\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eonentry\u003c/code\u003e in favor of \u003ccode\u003eonReadEntry\u003c/code\u003e for clarity.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eonWriteEntry\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDRY the command definitions into a single \u003ccode\u003emakeCommand\u003c/code\u003e method,\nand update the type signatures to more appropriately infer the\nreturn type from the options and arguments provided.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate minipass to v7.1.0\u003c/li\u003e\n\u003cli\u003eUpdate the type definitions of \u003ccode\u003ewrite()\u003c/code\u003e and \u003ccode\u003eend()\u003c/code\u003e methods on\n\u003ccode\u003eUnpack\u003c/code\u003e and \u003ccode\u003eParser\u003c/code\u003e classes to be compatible with the\nNodeJS.WritableStream type in the latest versions of\n\u003ccode\u003e@types/node\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for node \u0026lt;18\u003c/li\u003e\n\u003cli\u003eRewrite in TypeScript, provide ESM and CommonJS hybrid\ninterface\u003c/li\u003e\n\u003cli\u003eAdd tree-shake friendly exports, like \u003ccode\u003eimport('tar/create')\u003c/code\u003e\nand \u003ccode\u003eimport('tar/read-entry')\u003c/code\u003e to get individual functions or\nclasses.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003echmod\u003c/code\u003e option that defaults to false, and deprecate\n\u003ccode\u003enoChmod\u003c/code\u003e. That is, reverse the default option regarding\nexplicitly setting file system modes to match tar entry\nsettings.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eprocessUmask\u003c/code\u003e option to avoid having to call\n\u003ccode\u003eprocess.umask()\u003c/code\u003e when \u003ccode\u003echmod: true\u003c/code\u003e (or \u003ccode\u003enoChmod: false\u003c/code\u003e) is\nset.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/bf776f673164215074b62749e0fe80e5834588f4\"\u003e\u003ccode\u003ebf776f6\u003c/code\u003e\u003c/a\u003e 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad\"\u003e\u003ccode\u003ef48b5fa\u003c/code\u003e\u003c/a\u003e prevent escaping symlinks with drive-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/97cff15d3539a37a4095eb3d287147d9d77c2dc3\"\u003e\u003ccode\u003e97cff15\u003c/code\u003e\u003c/a\u003e docs: more security info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1\"\u003e\u003ccode\u003e2b72abc\u003c/code\u003e\u003c/a\u003e 7.5.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f\"\u003e\u003ccode\u003e7bc755d\u003c/code\u003e\u003c/a\u003e parse root off paths before sanitizing .. parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/c8cb84629dee649feedde03f2f4ea48f2e44e778\"\u003e\u003ccode\u003ec8cb846\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/1f0c2c9006b10199cf2686f8ef43e79a1773e1aa\"\u003e\u003ccode\u003e1f0c2c9\u003c/code\u003e\u003c/a\u003e 7.5.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/fbb08518bf290733b68ca4d4135f75becf73fd75\"\u003e\u003ccode\u003efbb0851\u003c/code\u003e\u003c/a\u003e build minified version as default export\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/6b8eba0ef367ac937e703238daa6df94ae6f823f\"\u003e\u003ccode\u003e6b8eba0\u003c/code\u003e\u003c/a\u003e 7.5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384\"\u003e\u003ccode\u003e2cb1120\u003c/code\u003e\u003c/a\u003e fix(unpack): improve UnpackSync symlink error \u0026quot;into\u0026quot; path accuracy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/node-tar/compare/v7.4.3...v7.5.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~isaacs\"\u003eisaacs\u003c/a\u003e, a new releaser for tar since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@modelcontextprotocol/sdk` from 1.15.1 to 1.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"\u003e@​modelcontextprotocol/sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.29.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1749\"\u003emodelcontextprotocol/typescript-sdk#1749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: disallow null (infinite) requested TTL by \u003ca href=\"https://github.com/LucaButBoring\"\u003e\u003ccode\u003e@​LucaButBoring\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1339\"\u003emodelcontextprotocol/typescript-sdk#1339\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: add missing size field to ResourceSchema by \u003ca href=\"https://github.com/olaservo\"\u003e\u003ccode\u003e@​olaservo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1575\"\u003emodelcontextprotocol/typescript-sdk#1575\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd typings exports by \u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x npm audit fix by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1780\"\u003emodelcontextprotocol/typescript-sdk#1780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1773\"\u003emodelcontextprotocol/typescript-sdk#1773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Allow servers / clients to advertise extensions in the capability object by \u003ca href=\"https://github.com/localden\"\u003e\u003ccode\u003e@​localden\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1811\"\u003emodelcontextprotocol/typescript-sdk#1811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(stdio): always set windowsHide on Windows, not just in Electron by \u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.29.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1820\"\u003emodelcontextprotocol/typescript-sdk#1820\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.28.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: use scopes_supported from resource metadata by default (fixes \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/580\"\u003e#580\u003c/a\u003e) by \u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1611\"\u003emodelcontextprotocol/typescript-sdk#1611\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: reject plain JSON Schema objects passed as inputSchema by \u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: clear _timeoutInfo in _onclose() and scope .finally() abort controller cleanup by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1462\"\u003emodelcontextprotocol/typescript-sdk#1462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(server/auth): RFC 8252 loopback port relaxation by \u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.28.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1746\"\u003emodelcontextprotocol/typescript-sdk#1746\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: implement auth/pre-registration conformance scenario by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1545\"\u003emodelcontextprotocol/typescript-sdk#1545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add governance documentation for SEP-1730 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1547\"\u003emodelcontextprotocol/typescript-sdk#1547\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: comprehensive feature documentation for SEP-1730 Tier 1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1548\"\u003emodelcontextprotocol/typescript-sdk#1548\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent command injection in example URL opening (v1.x backport) by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1579\"\u003emodelcontextprotocol/typescript-sdk#1579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: call onerror for silently swallowed transport errors by \u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.27.1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1581\"\u003emodelcontextprotocol/typescript-sdk#1581\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/e12cbd7078db388152f6e839abdbe09ba01f3f32\"\u003e\u003ccode\u003ee12cbd7\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.29.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/3913fd4443a86536155e3ebef9edd2045c372c1e\"\u003e\u003ccode\u003e3913fd4\u003c/code\u003e\u003c/a\u003e fix(stdio): always set windowsHide on Windows, not just in Electron (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1640\"\u003e#1640\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/5608e78dd0d4ca6cd7dd03278419578f1780365a\"\u003e\u003ccode\u003e5608e78\u003c/code\u003e\u003c/a\u003e [v1.x backport] Allow servers / clients to advertise extensions in the capabi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/7213816788e634ffb9d09affe50f0295093bfb73\"\u003e\u003ccode\u003e7213816\u003c/code\u003e\u003c/a\u003e v1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1773\"\u003e#1773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/364f38ca2d8895aed7c37b7a0a1031bb7ae4841c\"\u003e\u003ccode\u003e364f38c\u003c/code\u003e\u003c/a\u003e v1.x npm audit fix (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/c95cc0943b045517e4cc414baf1f168b216c3142\"\u003e\u003ccode\u003ec95cc09\u003c/code\u003e\u003c/a\u003e Add typings exports (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/ddadaa6cc633fb5db0c094bf031b15b68a357820\"\u003e\u003ccode\u003eddadaa6\u003c/code\u003e\u003c/a\u003e [v1.x] fix: add missing size field to ResourceSchema (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/2a158513028d9f862c4188b6957e78cd5663f26b\"\u003e\u003ccode\u003e2a15851\u003c/code\u003e\u003c/a\u003e [v1.x] fix: disallow null (infinite) requested TTL (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1339\"\u003e#1339\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/13e30f1d36de8442417fec695983bdb155c00768\"\u003e\u003ccode\u003e13e30f1\u003c/code\u003e\u003c/a\u003e fix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1749\"\u003e#1749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0565695218544fc53e99bf5b544a887d373cefa\"\u003e\u003ccode\u003ea056569\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.28.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1746\"\u003e#1746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.15.1...v1.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~pcarleton\"\u003epcarleton\u003c/a\u003e, a new releaser for \u003ccode\u003e@​modelcontextprotocol/sdk\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `diff` from 7.0.0 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.0\u003c/h2\u003e\n\u003cp\u003e(All changes part of PR \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/672\"\u003e#672\u003c/a\u003e.)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eES5 support is dropped\u003c/strong\u003e. \u003ccode\u003eparsePatch\u003c/code\u003e now uses \u003ccode\u003eTextDecoder\u003c/code\u003e and \u003ccode\u003eUint8Array\u003c/code\u003e, which are not available in ES5, and TypeScript is now compiled with the \u0026quot;es6\u0026quot; \u003ccode\u003etarget\u003c/code\u003e. From now on, I intend to freely use any features that are deemed \u0026quot;Widely available\u0026quot; by \u003ca href=\"https://web.dev/baseline\"\u003eBaseline\u003c/a\u003e. Users who need ES5 support should stick to version 8.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eC-style quoted strings in filename headers are now properly supported\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eWhen the name of either the old or new file in a patch contains \u0026quot;special characters\u0026quot;, both GNU \u003ccode\u003ediff\u003c/code\u003e and Git quote the filename in the patch's headers and escape special characters using the same escape sequences that are used in string literals in C, including octal escapes for all non-ASCII characters. Previously, jsdiff had very little support for this; \u003ccode\u003eparsePatch\u003c/code\u003e would remove the quotes, and unescape any escaped backslashes, but would not unescape other escape sequences. \u003ccode\u003eformatPatch\u003c/code\u003e, meanwhile, did not quote or escape special characters at all.\u003c/p\u003e\n\u003cp\u003eNow, \u003ccode\u003eparsePatch\u003c/code\u003e parses all the possible escape sequences that GNU diff (or Git) ever output, and \u003ccode\u003eformatPatch\u003c/code\u003e quotes and escapes filenames containing special characters in the same way GNU diff does.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now omits file headers when \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e in the provided patch object are \u003ccode\u003eundefined\u003c/code\u003e\u003c/strong\u003e, regardless of the \u003ccode\u003eheaderOptions\u003c/code\u003e parameter. (Previously, it would treat the absence of \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e as indicating the filename was the word \u0026quot;undefined\u0026quot; and emit headers \u003ccode\u003e--- undefined\u003c/code\u003e / \u003ccode\u003e+++ undefined\u003c/code\u003e.)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer outputs trailing tab characters at the end of \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e headers.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePreviously, if \u003ccode\u003eformatPatch\u003c/code\u003e was passed a patch object to serialize that had empty strings for the \u003ccode\u003eoldHeader\u003c/code\u003e or \u003ccode\u003enewHeader\u003c/code\u003e property, it would include a trailing tab character after the filename in the \u003ccode\u003e---\u003c/code\u003e and/or \u003ccode\u003e+++\u003c/code\u003e file header. Now, this scenario is treated the same as when \u003ccode\u003eoldHeader\u003c/code\u003e/\u003ccode\u003enewHeader\u003c/code\u003e is \u003ccode\u003eundefined\u003c/code\u003e - i.e. the trailing tab is omitted.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer mutates its input\u003c/strong\u003e when serializing a patch containing a hunk where either the old or new content contained zero lines. (Such a hunk occurs only when the hunk has no context lines and represents a pure insertion or pure deletion, which for instance will occur whenever one of the two files being diffed is completely empty.) Previously \u003ccode\u003eformatPatch\u003c/code\u003e would provide the correct output but also mutate the \u003ccode\u003eoldLines\u003c/code\u003e or \u003ccode\u003enewLines\u003c/code\u003e property on the hunk, changing the meaning of the underlying patch.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eGit-style patches are now supported by \u003ccode\u003eparsePatch\u003c/code\u003e, \u003ccode\u003eformatPatch\u003c/code\u003e, and \u003ccode\u003ereversePatch\u003c/code\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003ePatches output by \u003ccode\u003egit diff\u003c/code\u003e can include some features that are unlike those output by GNU \u003ccode\u003ediff\u003c/code\u003e, and therefore not handled by an ordinary unified diff format parser. An ordinary diff simply describes the differences between the \u003cem\u003econtent\u003c/em\u003e of two files, but Git diffs can also indicate, via \u0026quot;extended headers\u0026quot;, the creation or deletion of (potentially empty) files, indicate that a file was renamed, and contain information about file mode changes. Furthermore, when these changes appear in a diff in the absence of a content change (e.g. when an empty file is created, or a file is renamed without content changes), the patch will contain no associated \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e file headers nor any hunks.\u003c/p\u003e\n\u003cp\u003ejsdiff previously did not support parsing Git's extended headers, nor hunkless patches. Now \u003ccode\u003eparsePatch\u003c/code\u003e parses some of the extended headers, parses hunkless Git patches, and can determine filenames (e.g. from the extended headers) when parsing a patch that includes no \u003ccode\u003e---\u003c/code\u003e or \u003ccode\u003e+++\u003c/code\u003e file headers. The additional information conveyed by the extended headers we support is recorded on new fields on the result object returned by \u003ccode\u003eparsePatch\u003c/code\u003e. See \u003ccode\u003eisGit\u003c/code\u003e and subsequent properties in the docs in the README.md file.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now outputs extended headers based on these new Git-specific properties, and \u003ccode\u003ereversePatch\u003c/code\u003e respects them as far as possible (with one unavoidable caveat noted in the README.md file).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eUnpaired file headers now cause \u003ccode\u003eparsePatch\u003c/code\u003e to throw\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eIt remains acceptable to have a patch with no file headers whatsoever (e.g. one that begins with a \u003ccode\u003e@@\u003c/code\u003e hunk header on the very first line), but a patch with \u003cem\u003eonly\u003c/em\u003e a \u003ccode\u003e---\u003c/code\u003e header or only a \u003ccode\u003e+++\u003c/code\u003e header is now considered an error.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eparsePatch\u003c/code\u003e is now more tolerant of \u0026quot;trailing garbage\u0026quot;\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThat is: after a patch, or between files/indexes in a patch, it is now acceptable to have arbitrary lines of \u0026quot;garbage\u0026quot; (so long as they unambiguously have no syntactic meaning - e.g. trailing garbage that leads with a \u003ccode\u003e+\u003c/code\u003e, \u003ccode\u003e-\u003c/code\u003e, or \u003ccode\u003e \u003c/code\u003e and thus is interpretable as part of a hunk still triggers a throw).\u003c/p\u003e\n\u003cp\u003eThis means we no longer reject patches output by tools that include extra data in \u0026quot;garbage\u0026quot; lines not understood by generic unified diff parsers. (For example, SVN patches can include \u0026quot;Property changes on:\u0026quot; lines that generic unified diff parsers should discard as garbage; jsdiff previously threw errors when encountering them.)\u003c/p\u003e\n\u003cp\u003eThis change brings jsdiff's behaviour more in line with GNU \u003ccode\u003epatch\u003c/code\u003e, which is highly permissive of \u0026quot;garbage\u0026quot;.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThe \u003ccode\u003eoldFileName\u003c/code\u003e and \u003ccode\u003enewFileName\u003c/code\u003e fields of \u003ccode\u003eStructuredPatch\u003c/code\u003e are now typed as \u003ccode\u003estring | undefined\u003c/code\u003e instead of \u003ccode\u003estring\u003c/code\u003e\u003c/strong\u003e. This type change reflects the (pre-existing) reality that \u003ccode\u003eparsePatch\u003c/code\u003e can produce patches without filenames (e.g. when parsing a patch that simply contains hunks with no file headers).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/667\"\u003e#667\u003c/a\u003e - \u003cstrong\u003efix another bug in \u003ccode\u003ediffWords\u003c/code\u003e when used with an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e\u003c/strong\u003e. If the text to be diffed included a combining mark after a whitespace character (i.e. roughly speaking, an accented space), \u003ccode\u003ediffWords\u003c/code\u003e would previously crash. Now this case is handled correctly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/631\"\u003e#631\u003c/a\u003e - \u003cstrong\u003efix support for using an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e with \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e. This has been almost completely broken since the feature was added in v6.0.0, since it would outright crash on any text that featured two consecutive newlines between a pair of words (a very common case).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/635\"\u003e#635\u003c/a\u003e - \u003cstrong\u003esmall tweaks to tokenization behaviour of \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e when used \u003cem\u003ewithout\u003c/em\u003e an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e. Specifically, the soft hyphen (U+00AD) is no longer considered to be a word break, and the multiplication and division signs (\u003ccode\u003e×\u003c/code\u003e and \u003ccode\u003e÷\u003c/code\u003e) are now treated as punctuation instead of as letters / word characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/ed13aca03aa25735fafc0645d1185e7a1c68fd8c\"\u003e\u003ccode\u003eed13aca\u003c/code\u003e\u003c/a\u003e Update version in package.json and in release notes (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/683\"\u003e#683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/7a49317b503a932b88fc72ad9c57a481df038e24\"\u003e\u003ccode\u003e7a49317\u003c/code\u003e\u003c/a\u003e Bump dependencies again (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/682\"\u003e#682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/afe5aecad189c9f5941ad3feb3c94c46b32ecb0a\"\u003e\u003ccode\u003eafe5aec\u003c/code\u003e\u003c/a\u003e Add Git support, and otherwise variously improve \u0026amp; fix parsePatch (and other ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/2e46779d8866ce7da1303a03db33ed038590c6f6\"\u003e\u003ccode\u003e2e46779\u003c/code\u003e\u003c/a\u003e Fix a typo (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/679\"\u003e#679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/dd2f99497703a1540b2ae406b51c49b74b5fc1a1\"\u003e\u003ccode\u003edd2f994\u003c/code\u003e\u003c/a\u003e 8.0.4 release (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/678\"\u003e#678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/3cc438434db53c5d1c40412b727ea7650f6f145a\"\u003e\u003ccode\u003e3cc4384\u003c/code\u003e\u003c/a\u003e Update docs on releasing to reflect migration to yarn berry (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/6fc2aa6b7672af08774b50aae00d97b99c5b5715\"\u003e\u003ccode\u003e6fc2aa6\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/af7393ac3404565dc8da655c2e7aeeed28c01ff7\"\u003e\u003ccode\u003eaf7393a\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4b5d1800370bf29b61a3378fb8086aeb231d3ef7\"\u003e\u003ccode\u003e4b5d180\u003c/code\u003e\u003c/a\u003e Fix another bug in diffWords's \u0026quot;intlSegmenter\u0026quot; mode (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/10da50c466709e7bd4b192dac96af0af46f8b7bd\"\u003e\u003ccode\u003e10da50c\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/666\"\u003e#666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/7.0.0...v9.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.10.0 to 7.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport 401 stream-backed body fix to v7.x by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5006\"\u003enodejs/undici#5006\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update broken links in file \u0026quot;Dispatcher.md\u0026quot; by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: remove unused parameter \u003ccode\u003eredirectionLimitReached\u003c/code\u003e by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4933\"\u003enodejs/undici#4933\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip flaky macOS Node 20 cookie fetch cases by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4932\"\u003enodejs/undici#4932\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): align Response with DOM fetch types by \u003ca href=\"https://github.com/theamodhshetty\"\u003e\u003ccode\u003e@​theamodhshetty\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4867\"\u003enodejs/undici#4867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): Fix clone method type declaration to be an instance method rather than instance property by \u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip IPv6 tests when IPv6 is not available by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4939\"\u003enodejs/undici#4939\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: correctly handle multi-value rawHeaders in fetch by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4938\"\u003enodejs/undici#4938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eignore AGENTS.md by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4942\"\u003enodejs/undici#4942\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(test): client wasm compatible with clang 22 by \u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mock): improve error message when intercepts are exhausted by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4912\"\u003enodejs/undici#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(websocket): support open diagnostics over h2 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4921\"\u003enodejs/undici#4921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: assume http/https scheme for scheme-less proxy env vars by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4914\"\u003enodejs/undici#4914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cache): check Authorization on request headers per RFC 9111 §3.5 by \u003ca href=\"https://github.com/metalix2\"\u003e\u003ccode\u003e@​metalix2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4911\"\u003enodejs/undici#4911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: wrap kConnector call in try/catch to prevent client hang by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify fetch and FormData pairing by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4922\"\u003enodejs/undici#4922\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: support Connection header with connection-specific header names per RFC 7230 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4775\"\u003enodejs/undici#4775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid prototype collisions in parseHeaders by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4923\"\u003enodejs/undici#4923\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump typescript from 5.9.3 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4926\"\u003enodejs/undici#4926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: auto-init WPT submodule by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4930\"\u003enodejs/undici#4930\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/12d9045923b7caebb1ae6975ef34c29dbcfd95d0\"\u003e\u003ccode\u003e12d9045\u003c/code\u003e\u003c/a\u003e Bumped v7.25.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7a6f7febb30a30748a04f38c21e3641c77d21b0e\"\u003e\u003ccode\u003e7a6f7fe\u003c/code\u003e\u003c/a\u003e Bumped v7.24.8 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5020\"\u003e#5020\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1f85ae4b27ed6401e7ccc35eb546ad2e5976121f\"\u003e\u003ccode\u003e1f85ae4\u003c/code\u003e\u003c/a\u003e fix: avoid 401 failures for stream-backed request bodies (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4941\"\u003e#4941\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5006\"\u003e#5006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c6610674dfad7c205ddf0f27831133973ad7894e\"\u003e\u003ccode\u003ec661067\u003c/code\u003e\u003c/a\u003e chore: update v7.x maintenance release flow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84f23e2a19cd0f585579c4257d801e4ec2d65dbd\"\u003e\u003ccode\u003e84f23e2\u003c/code\u003e\u003c/a\u003e Bumped v7.24.7 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4947\"\u003e#4947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a770b1033201984b9e8082a9bf955414bff5dc2e\"\u003e\u003ccode\u003ea770b10\u003c/code\u003e\u003c/a\u003e ignore AGENTS.md (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4942\"\u003e#4942\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/6acd19beaf67c1a2d07bcd38f40d0b751a81e7cc\"\u003e\u003ccode\u003e6acd19b\u003c/code\u003e\u003c/a\u003e fix: correctly handle multi-value rawHeaders in fetch (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4938\"\u003e#4938\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1da1c747c7d6e01b93ab295e0efb86623f3c8e06\"\u003e\u003ccode\u003e1da1c74\u003c/code\u003e\u003c/a\u003e test: skip IPv6 tests when IPv6 is not available (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4939\"\u003e#4939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/04cb77327f7ada95c2e5b67424cddcb22d7bf882\"\u003e\u003ccode\u003e04cb773\u003c/code\u003e\u003c/a\u003e fix(types): Fix clone method type declaration to be an instance method rather...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5145a7c47080d1715b2723591def3a75b0c3ba63\"\u003e\u003ccode\u003e5145a7c\u003c/code\u003e\u003c/a\u003e fix(types): align Response with DOM fetch types (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4867\"\u003e#4867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.10.0...v7.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.17.1 to 8.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/f06766f33ed7291f84c19f22a1286a34475fbdaf\"\u003e\u003ccode\u003ef06766f\u003c/code\u003e\u003c/a\u003e feat: allow tree-shaking by adding ``\u0026quot;sideEffects\u0026quot;: false\u003ccode\u003eto\u003c/code\u003epackage.json` ...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.0.6 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: remove master branch support by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/126\"\u003efastify/fast-uri#126\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(test) remove .gitkeep by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/128\"\u003efastify/fast-uri#128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): set job permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/129\"\u003efastify/fast-uri#129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: set permissions at workflow level by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/131\"\u003efastify/fast-uri#131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: set workflow permissions to read-only by default by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/132\"\u003efastify/fast-uri#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): restore job level permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/133\"\u003efastify/fast-uri#133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.31.2 to 0.32.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/134\"\u003efastify/fast-uri#134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): pin actions to commit-hash by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/135\"\u003efastify/fast-uri#135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add node 24 to test matrix by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/136\"\u003efastify/fast-uri#136\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/com...\n\n_Description has been truncated_","html_url":"https://github.com/balajirajput96/gemini-cli/pull/26","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/balajirajput96%2Fgemini-cli/issues/26","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/26/packages"}],"issue_packages":[{"old_version":"3.2.2","new_version":"3.2.3","update_type":"patch","path":null,"pr_created_at":"2026-05-27T06:05:11.000Z","version_change":"3.2.2 → 3.2.3","issue":{"uuid":"4529953014","node_id":"PR_kwDOP9i2uc7fsrek","number":9,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 3 directories with 20 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-27T06:12:43.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-27T06:05:11.000Z","updated_at":"2026-05-27T06:12:45.000Z","time_to_close":452,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":20,"packages":[{"name":"axios","old_version":"1.8.4","new_version":"1.15.2","repository_url":"https://github.com/axios/axios"},{"name":"postcss","old_version":"8.5.3","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"picomatch","old_version":"4.0.2","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"@tootallnate/once","old_version":"2.0.0","new_version":"2.0.1","repository_url":"https://github.com/TooTallNate/once"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"fast-uri","old_version":"3.0.1","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"fast-xml-parser","old_version":"4.5.0","new_version":"4.5.6","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"flatted","old_version":"3.3.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 14 updates in the /genkit/postcard-generator directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.8.4` | `1.15.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.3` | `8.5.10` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.2` | `4.0.4` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.1` | `3.1.2` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.5.0` | `4.5.6` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n\nBumps the npm_and_yarn group with 3 updates in the /vision/sample-apps/V-Start directory: [jws](https://github.com/brianloveswords/node-jws), [path-to-regexp](https://github.com/pillarjs/path-to-regexp) and [ws](https://github.com/websockets/ws).\nBumps the npm_and_yarn group with 6 updates in the /vision/use-cases/hey_llm directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n\n\nUpdates `axios` from 1.8.4 to 1.15.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eLocation\u003c/code\u003e Request Header Type:\u003c/strong\u003e Adds \u003ccode\u003eLocation\u003c/code\u003e to \u003ccode\u003eCommonRequestHeadersList\u003c/code\u003e for accurate typing of redirect-aware requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7528\"\u003e#7528\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFormData Handling:\u003c/strong\u003e Removes \u003ccode\u003eContent-Type\u003c/code\u003e when no boundary is present on \u003ccode\u003eFormData\u003c/code\u003e fetch requests, supports multi-select fields, cancels \u003ccode\u003erequest.body\u003c/code\u003e instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7314\"\u003e#7314\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10676\"\u003e#10676\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10702\"\u003e#10702\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10726\"\u003e#10726\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter:\u003c/strong\u003e Handles socket-only request errors without leaking keep-alive listeners. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10576\"\u003e#10576\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProgress Events:\u003c/strong\u003e Clamps \u003ccode\u003eloaded\u003c/code\u003e to \u003ccode\u003etotal\u003c/code\u003e for computable upload/download progress events. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7458\"\u003e#7458\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes:\u003c/strong\u003e Aligns \u003ccode\u003erunWhen\u003c/code\u003e type with the runtime behaviour in \u003ccode\u003eInterceptorManager\u003c/code\u003e and makes response header keys case-insensitive. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7529\"\u003e#7529\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10677\"\u003e#10677\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ebuildFullPath\u003c/code\u003e:\u003c/strong\u003e Uses strict equality in the base/relative URL check. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7252\"\u003e#7252\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eAxiosURLSearchParams\u003c/code\u003e Regex:\u003c/strong\u003e Improves the regex used for param serialisation to avoid edge-case mismatches. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10736\"\u003e#10736\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eResilient Value Parsing:\u003c/strong\u003e Parses out header/config values instead of throwing on malformed input. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10687\"\u003e#10687\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2 - April 21, 2026\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003ev1.15.1 - April 19, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/582934382e4e0e0bcb679c628071a4203e93cf57\"\u003e\u003ccode\u003e5829343\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10789\"\u003e#10789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4709a48fa2717ba97f43f5432d48ca4e26c2d326\"\u003e\u003ccode\u003e4709a48\u003c/code\u003e\u003c/a\u003e fix: added fix for memory leak in sockets (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/be3336014e01f9a4fc1f8aef15303cf7daaf58db\"\u003e\u003ccode\u003ebe33360\u003c/code\u003e\u003c/a\u003e chore: update changelog (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa\"\u003e\u003ccode\u003e4791514\u003c/code\u003e\u003c/a\u003e fix: more header pollutions (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/6feafcff6c2dbafe206161c5d09e38e1d36af66f\"\u003e\u003ccode\u003e6feafcf\u003c/code\u003e\u003c/a\u003e fix: socket issue (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/302e2739c602f00e323d4f3f5c79500647633a73\"\u003e\u003ccode\u003e302e273\u003c/code\u003e\u003c/a\u003e docs: update docs, add a couple actions etc (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ac42446be51300fe214ba3c6e40cc95f34fd6871\"\u003e\u003ccode\u003eac42446\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10767\"\u003e#10767\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/908f2206b6bfeff67236784abce85935698ac1d9\"\u003e\u003ccode\u003e908f220\u003c/code\u003e\u003c/a\u003e docs: update threatmodel (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10765\"\u003e#10765\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/f93f8155250c2e066205521eda05ae22983a1f6d\"\u003e\u003ccode\u003ef93f815\u003c/code\u003e\u003c/a\u003e docs: added docs around potential decompressions bomb (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10763\"\u003e#10763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1728aa1b15b8857f970611fd8983c06b423fc486\"\u003e\u003ccode\u003e1728aa1\u003c/code\u003e\u003c/a\u003e fix: short-circuits on any truthy non-boolean in withXSRFToken (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.8.4...v1.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 14.2.26 to 15.4.7\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/f30d815859e932e09222e93bb6e8a376b918d874\"\u003e\u003ccode\u003ef30d815\u003c/code\u003e\u003c/a\u003e v15.4.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/1a026e338d2b8c977c8949a134168952338d6d01\"\u003e\u003ccode\u003e1a026e3\u003c/code\u003e\u003c/a\u003e fix router handling when setting a location response header (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/82588\"\u003e#82588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/be4aafd4b744fbf6500b311b74c84243f70a3059\"\u003e\u003ccode\u003ebe4aafd\u003c/code\u003e\u003c/a\u003e v15.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/91e5b6b84f56c096dc2bb647eb384388e06489fd\"\u003e\u003ccode\u003e91e5b6b\u003c/code\u003e\u003c/a\u003e Backport \u0026quot;fix: add \u003ccode\u003e?dpl\u003c/code\u003e to fonts in \u003ccode\u003e/_next/static/media\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/82384\"\u003e#82384\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/82421\"\u003e#82421\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/f1629d939597cc46ccbe44fe66bda91eac31e219\"\u003e\u003ccode\u003ef1629d9\u003c/code\u003e\u003c/a\u003e Backport \u0026quot;[Pages] fix: \u003ccode\u003e_error\u003c/code\u003e page's \u003ccode\u003ereq.url\u003c/code\u003e can be overwritten t… (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/82377\"\u003e#82377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/b9aab5dbe926c256d439bfecb226693dcd1a1be4\"\u003e\u003ccode\u003eb9aab5d\u003c/code\u003e\u003c/a\u003e v15.4.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/a8c93c49dd2d42a2ced8a17bc53b3fea11d25c96\"\u003e\u003ccode\u003ea8c93c4\u003c/code\u003e\u003c/a\u003e Disable test new tests jobs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ed2a6c754831406f8cd724eb52a562bb124c1504\"\u003e\u003ccode\u003eed2a6c7\u003c/code\u003e\u003c/a\u003e [backport]: fix(next/image): improve and simplify detect-content-type (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/82118\"\u003e#82118\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/f00fcc9011e7d0ef027021fc8424f51b8ac97880\"\u003e\u003ccode\u003ef00fcc9\u003c/code\u003e\u003c/a\u003e [backport]: fix(next/image): fix image-optimizer.ts headers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/82114\"\u003e#82114\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/82175\"\u003e#82175\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/55a7568e9d12459f8c5f5ae120fe2e228af284bb\"\u003e\u003ccode\u003e55a7568\u003c/code\u003e\u003c/a\u003e Backport: Turbopack: update mimalloc (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/81993\"\u003e#81993\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/82166\"\u003e#82166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v14.2.26...v15.4.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.3 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.3...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec\"\u003e\u003ccode\u003e184bc32\u003c/code\u003e\u003c/a\u003e 6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379\"\u003e\u003ccode\u003efea46af\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2606\"\u003e#2606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf\"\u003e\u003ccode\u003e72f2286\u003c/code\u003e\u003c/a\u003e docs: update v7 info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a\"\u003e\u003ccode\u003e231e52b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1320\"\u003e#1320\u003c/a\u003e from philsturgeon/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd\"\u003e\u003ccode\u003ed3475fc\u003c/code\u003e\u003c/a\u003e Add spectral, an AJV util from a sponsor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544\"\u003e\u003ccode\u003e413afe0\u003c/code\u003e\u003c/a\u003e docs: v7.0.0-beta.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d\"\u003e\u003ccode\u003e11e997b\u003c/code\u003e\u003c/a\u003e update readme for v7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v6.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.2 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@tootallnate/once` from 2.0.0 to 2.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/releases\"\u003e@​tootallnate/once's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/blob/v2.0.1/CHANGELOG.md\"\u003e@​tootallnate/once's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/bcbb21d387e5fb2d0bf8ec2fd8d0ac97d4553241\"\u003e\u003ccode\u003ebcbb21d\u003c/code\u003e\u003c/a\u003e ci: fix OIDC publishing — Node 24, npm latest, provenance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/dc24387be8e3405f1e7c911caf76c87b72a0e145\"\u003e\u003ccode\u003edc24387\u003c/code\u003e\u003c/a\u003e Version Packages (2.x) (\u003ca href=\"https://redirect.github.com/TooTallNate/once/issues/12\"\u003e#12\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/b8a6f80afcfd2482b4bdb1e29d784340a05e0ce3\"\u003e\u003ccode\u003eb8a6f80\u003c/code\u003e\u003c/a\u003e CI: test all Node versions on Linux only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/dabcc0fb6202663cd83994f0a21ea1c710395327\"\u003e\u003ccode\u003edabcc0f\u003c/code\u003e\u003c/a\u003e ci: drop EOL Node.js 14.x/16.x, add 22.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/b464efcf4238d92590245b4d211d2fc05a94d28a\"\u003e\u003ccode\u003eb464efc\u003c/code\u003e\u003c/a\u003e Update CI: modern Node versions, fix macOS ARM64 compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/a1e5e2d784bcd1c65e49fac1524c6c94fe81f871\"\u003e\u003ccode\u003ea1e5e2d\u003c/code\u003e\u003c/a\u003e Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/TooTallNate/once/compare/2.0.0...v2.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​tootallnate/once\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 1.10.2 to 1.10.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/cfe8f0437054ff5fbfe6499894f55b3316a54959\"\u003e\u003ccode\u003ecfe8f04\u003c/code\u003e\u003c/a\u003e 1.10.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/7abcf45dd63f0bc626890ad9a8cdeb397f92be73\"\u003e\u003ccode\u003e7abcf45\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during CST composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a0252f8b056f49875d1b79edb8709cff7d7d0dc6\"\u003e\u003ccode\u003ea0252f8\u003c/code\u003e\u003c/a\u003e chore: Add rules avoiding processing of tests/json-test-suite\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a5e83b05f7124c31b4784b613f0c669959a5ed48\"\u003e\u003ccode\u003ea5e83b0\u003c/code\u003e\u003c/a\u003e style: Apply updates Prettier rules\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/b8ddca0a5d4794a3c60f252d3513e6ff7068fdf0\"\u003e\u003ccode\u003eb8ddca0\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/395f892ec9a26b9038c8db388b675c3281ab8cd3\"\u003e\u003ccode\u003e395f892\u003c/code\u003e\u003c/a\u003e ci: Use a different (working) submodule checkout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6fd272052751775e48196024d4bed639cc1e0350\"\u003e\u003ccode\u003e6fd2720\u003c/code\u003e\u003c/a\u003e test-events: Add {} and [] indicators to flow maps \u0026amp; sequences\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eemeli/yaml/compare/v1.10.2...v1.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.0.1 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: remove master branch support by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/126\"\u003efastify/fast-uri#126\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(test) remove .gitkeep by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/128\"\u003efastify/fast-uri#128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): set job permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/129\"\u003efastify/fast-uri#129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: set permissions at workflow level by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/131\"\u003efastify/fast-uri#131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: set workflow permissions to read-only by default by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/132\"\u003efastify/fast-uri#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): restore job level permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/133\"\u003efastify/fast-uri#133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.31.2 to 0.32.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/134\"\u003efastify/fast-uri#134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): pin actions to commit-hash by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/135\"\u003efastify/fast-uri#135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add node 24 to test matrix by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/136\"\u003efastify/fast-uri#136\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.0.1...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-xml-parser` from 4.5.0 to 4.5.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/releases\"\u003efast-xml-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eSummary update on all the previous releases from v4.2.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMultiple minor fixes provided in the validator and parser\u003c/li\u003e\n\u003cli\u003ev6 is added for experimental use.\u003c/li\u003e\n\u003cli\u003eignoreAttributes support function, and array of string or regex\u003c/li\u003e\n\u003cli\u003eAdd support for parsing HTML numeric entities\u003c/li\u003e\n\u003cli\u003ev5 of the application is ESM module now. However, JS is also supported\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e: Release section in not updated frequently. Please check \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md\"\u003eCHANGELOG\u003c/a\u003e or \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/tags\"\u003eTags\u003c/a\u003e for latest release information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/42fbb0bc95e753e03fe52cb0805a8774bba4bf28\"\u003e\u003ccode\u003e42fbb0b\u003c/code\u003e\u003c/a\u003e update release info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/805671cb6c19108b171b876cf3e8865f18cdb8fd\"\u003e\u003ccode\u003e805671c\u003c/code\u003e\u003c/a\u003e increase expansion limit as many system need it\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/9a2cf097c2961d4ad878f618e39fb0a9f5a0e9e5\"\u003e\u003ccode\u003e9a2cf09\u003c/code\u003e\u003c/a\u003e update version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/88d0936a23dabe51bfbf42255e2ce912dfee2221\"\u003e\u003ccode\u003e88d0936\u003c/code\u003e\u003c/a\u003e apply all fixes from v5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/d4eb6b4713a8d11e6730943392419040898ecbc0\"\u003e\u003ccode\u003ed4eb6b4\u003c/code\u003e\u003c/a\u003e update release version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/b1b9f633ff30cb4708337355c2789f08bc0558d2\"\u003e\u003ccode\u003eb1b9f63\u003c/code\u003e\u003c/a\u003e update release info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/faccca126e1db96b90084adda6fbe2ea2ed434e7\"\u003e\u003ccode\u003efaccca1\u003c/code\u003e\u003c/a\u003e sync with v5.3.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/ab00cdc49c681b44effbe95d6ee4392616a74aaa\"\u003e\u003ccode\u003eab00cdc\u003c/code\u003e\u003c/a\u003e update package bundle for minor fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/57c61876b47be10616ba47da904c8add26efcb58\"\u003e\u003ccode\u003e57c6187\u003c/code\u003e\u003c/a\u003e Update ReadMe\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/caeda37ebd919c799bf06ccf2f80d1e90e99d474\"\u003e\u003ccode\u003ecaeda37\u003c/code\u003e\u003c/a\u003e fix: emit full JSON string from CLI when no output filename specified (\u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/710\"\u003e#710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/v4.5.0...v4.5.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.1 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.1...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.9 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.9...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.8 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb\"\u003e\u003ccode\u003edce542c\u003c/code\u003e\u003c/a\u003e v4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562\"\u003e\u003ccode\u003e8a41389\u003c/code\u003e\u003c/a\u003e Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2\"\u003e\u003ccode\u003e68d8df5\u003c/code\u003e\u003c/a\u003e Fix security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328\"\u003e\u003ccode\u003eb2a0831\u003c/code\u003e\u003c/a\u003e Fix browser tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12\"\u003e\u003ccode\u003e9f98c16\u003c/code\u003e\u003c/a\u003e Fix release script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9\"\u003e\u003ccode\u003e45443b4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Improve partial indenting performance\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e\"\u003e\u003ccode\u003e8841a5f\u003c/code\u003e\u003c/a\u003e Fix CI errors with linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709\"\u003e\u003ccode\u003ee0137c2\u003c/code\u003e\u003c/a\u003e fix: enable shell mode for spawn to resolve Windows EINVAL issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7\"\u003e\u003ccode\u003ee914d60\u003c/code\u003e\u003c/a\u003e Improve rendering performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd\"\u003e\u003ccode\u003e7de4b41\u003c/code\u003e\u003c/a\u003e Upgrade GitHub Actions checkout and setup-node on 4.x branch\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jws` from 3.2.2 to 3.2.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/brianloveswords/node-jws/releases\"\u003ejws's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.3\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require\nthat a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)\nwhen using HMAC algorithms.\u003c/li\u003e\n\u003cli\u003eUpgrading JWA version to 1.4.2, addressing a compatibility issue for Node \u0026gt;= 25.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/auth0/node-jws/blob/master/CHANGELOG.md\"\u003ejws's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.3]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require\nthat a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)\nwhen using HMAC algorithms.\u003c/li\u003e\n\u003cli\u003eUpgrading JWA version to 1.4.2, adressing a compatibility issue f...\n\n_Description has been truncated_","html_url":"https://github.com/theinsightcentre/generative-ai-google/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/theinsightcentre%2Fgenerative-ai-google/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"}},{"old_version":"4.0.0","new_version":"4.0.1","update_type":"patch","path":null,"pr_created_at":"2026-05-27T01:07:43.000Z","version_change":"4.0.0 → 4.0.1","issue":{"uuid":"4528633867","node_id":"PR_kwDOC8MFD87fof8U","number":6352,"state":"open","title":"chore(deps): bump the minor-security group across 2 directories with 4 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-27T01:07:43.000Z","updated_at":"2026-05-27T01:11:01.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"minor-security","update_count":4,"packages":[{"name":"webpack","old_version":"5.98.0","new_version":"5.104.1","repository_url":"https://github.com/webpack/webpack"},{"name":"jws","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"markdown-it","old_version":"14.1.0","new_version":"14.2.0","repository_url":"https://github.com/markdown-it/markdown-it"},{"name":"webpack","old_version":"5.98.0","new_version":"5.104.1","repository_url":"https://github.com/webpack/webpack"},{"name":"validator","old_version":"13.9.0","new_version":"13.15.35","repository_url":"https://github.com/validatorjs/validator.js"}],"path":null,"ecosystem":"npm"},"body":"Bumps the minor-security group with 3 updates in the / directory: [webpack](https://github.com/webpack/webpack), [jws](https://github.com/brianloveswords/node-jws) and [markdown-it](https://github.com/markdown-it/markdown-it).\nBumps the minor-security group with 2 updates in the /api directory: [webpack](https://github.com/webpack/webpack) and [validator](https://github.com/validatorjs/validator.js).\n\nUpdates `webpack` from 5.98.0 to 5.104.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/releases\"\u003ewebpack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.104.1\u003c/h2\u003e\n\u003ch2\u003e5.104.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2efd21b: Reexports runtime calculation should not accessing \u003cstrong\u003eWEBPACK_IMPORT_KEY\u003c/strong\u003e decl with var.\u003c/li\u003e\n\u003cli\u003ec510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.104.0\u003c/h2\u003e\n\u003ch2\u003e5.104.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed3dd841: Use method shorthand to render module content in \u003ccode\u003e__webpack_modules__\u003c/code\u003e object.\u003c/li\u003e\n\u003cli\u003ed3dd841: Enhance \u003ccode\u003eimport.meta.env\u003c/code\u003e to support object access.\u003c/li\u003e\n\u003cli\u003e4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.\u003c/li\u003e\n\u003cli\u003e04cd530: Handle more at-rules for CSS modules.\u003c/li\u003e\n\u003cli\u003ecafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added \u003ccode\u003ebase64url\u003c/code\u003e, \u003ccode\u003ebase62\u003c/code\u003e, \u003ccode\u003ebase58\u003c/code\u003e, \u003ccode\u003ebase52\u003c/code\u003e, \u003ccode\u003ebase49\u003c/code\u003e, \u003ccode\u003ebase36\u003c/code\u003e, \u003ccode\u003ebase32\u003c/code\u003e and \u003ccode\u003ebase25\u003c/code\u003e digests.\u003c/li\u003e\n\u003cli\u003e5983843: Provide a stable runtime function variable \u003ccode\u003e__webpack_global__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Improved \u003ccode\u003elocalIdentName\u003c/code\u003e hashing for CSS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e22c48fb: Added module existence check for informative error message in development mode.\u003c/li\u003e\n\u003cli\u003e50689e1: Use the fully qualified class name (or export name) for \u003ccode\u003e[fullhash]\u003c/code\u003e placeholder in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Support universal lazy compilation.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed module library export definitions when multiple runtimes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed CSS nesting and CSS custom properties parsing.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't write fragment from URL to filename and apply fragment to module URL.\u003c/li\u003e\n\u003cli\u003eaab1da9: Fixed bugs for \u003ccode\u003ecss/global\u003c/code\u003e type.\u003c/li\u003e\n\u003cli\u003ed3dd841: Compatibility \u003ccode\u003eimport.meta.filename\u003c/code\u003e and \u003ccode\u003eimport.meta.dirname\u003c/code\u003e with \u003ccode\u003eeval\u003c/code\u003e devtools.\u003c/li\u003e\n\u003cli\u003ed3dd841: Handle nested \u003ccode\u003e__webpack_require__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e728ddb7: The speed of identifier parsing has been improved.\u003c/li\u003e\n\u003cli\u003e0f8b31b: Improve types.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't corrupt \u003ccode\u003edebugId\u003c/code\u003e injection when \u003ccode\u003ehidden-source-map\u003c/code\u003e is used.\u003c/li\u003e\n\u003cli\u003e2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Serialize \u003ccode\u003eHookWebpackError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added ability to use built-in properties in dotenv and define plugin.\u003c/li\u003e\n\u003cli\u003e3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.\u003c/li\u003e\n\u003cli\u003ed3dd841: Reduce collision for local indent name in CSS.\u003c/li\u003e\n\u003cli\u003ed3dd841: Remove CSS link tags when CSS imports are removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.103.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eDotenvPlugin\u003c/code\u003e and top level \u003ccode\u003edotenv\u003c/code\u003e option to enable this plugin\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eWebpackManifestPlugin\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdded support the \u003ccode\u003eignoreList\u003c/code\u003e option in devtool plugins\u003c/li\u003e\n\u003cli\u003eAllow to use custom javascript parse function\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/blob/main/CHANGELOG.md\"\u003ewebpack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.104.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2efd21b: Reexports runtime calculation should not accessing \u003cstrong\u003eWEBPACK_IMPORT_KEY\u003c/strong\u003e decl with var.\u003c/li\u003e\n\u003cli\u003ec510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.104.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed3dd841: Use method shorthand to render module content in \u003ccode\u003e__webpack_modules__\u003c/code\u003e object.\u003c/li\u003e\n\u003cli\u003ed3dd841: Enhance \u003ccode\u003eimport.meta.env\u003c/code\u003e to support object access.\u003c/li\u003e\n\u003cli\u003e4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.\u003c/li\u003e\n\u003cli\u003e04cd530: Handle more at-rules for CSS modules.\u003c/li\u003e\n\u003cli\u003ecafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added \u003ccode\u003ebase64url\u003c/code\u003e, \u003ccode\u003ebase62\u003c/code\u003e, \u003ccode\u003ebase58\u003c/code\u003e, \u003ccode\u003ebase52\u003c/code\u003e, \u003ccode\u003ebase49\u003c/code\u003e, \u003ccode\u003ebase36\u003c/code\u003e, \u003ccode\u003ebase32\u003c/code\u003e and \u003ccode\u003ebase25\u003c/code\u003e digests.\u003c/li\u003e\n\u003cli\u003e5983843: Provide a stable runtime function variable \u003ccode\u003e__webpack_global__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Improved \u003ccode\u003elocalIdentName\u003c/code\u003e hashing for CSS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e22c48fb: Added module existence check for informative error message in development mode.\u003c/li\u003e\n\u003cli\u003e50689e1: Use the fully qualified class name (or export name) for \u003ccode\u003e[fullhash]\u003c/code\u003e placeholder in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Support universal lazy compilation.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed module library export definitions when multiple runtimes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed CSS nesting and CSS custom properties parsing.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't write fragment from URL to filename and apply fragment to module URL.\u003c/li\u003e\n\u003cli\u003eaab1da9: Fixed bugs for \u003ccode\u003ecss/global\u003c/code\u003e type.\u003c/li\u003e\n\u003cli\u003ed3dd841: Compatibility \u003ccode\u003eimport.meta.filename\u003c/code\u003e and \u003ccode\u003eimport.meta.dirname\u003c/code\u003e with \u003ccode\u003eeval\u003c/code\u003e devtools.\u003c/li\u003e\n\u003cli\u003ed3dd841: Handle nested \u003ccode\u003e__webpack_require__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e728ddb7: The speed of identifier parsing has been improved.\u003c/li\u003e\n\u003cli\u003e0f8b31b: Improve types.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't corrupt \u003ccode\u003edebugId\u003c/code\u003e injection when \u003ccode\u003ehidden-source-map\u003c/code\u003e is used.\u003c/li\u003e\n\u003cli\u003e2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Serialize \u003ccode\u003eHookWebpackError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added ability to use built-in properties in dotenv and define plugin.\u003c/li\u003e\n\u003cli\u003e3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.\u003c/li\u003e\n\u003cli\u003ed3dd841: Reduce collision for local indent name in CSS.\u003c/li\u003e\n\u003cli\u003ed3dd841: Remove CSS link tags when CSS imports are removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/24e3c2d2c9f8c6d60810302b2ea70ed86e2863dc\"\u003e\u003ccode\u003e24e3c2d\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20253\"\u003e#20253\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/2efd21b0b06baa9b1a7f009b336379dcef24c1a5\"\u003e\u003ccode\u003e2efd21b\u003c/code\u003e\u003c/a\u003e fix(re-exports): reexports runtime calculation should not accessing `__WEBPAC...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/c5100702335a9cdcb75558ccd80def2329bd4abf\"\u003e\u003ccode\u003ec510070\u003c/code\u003e\u003c/a\u003e fix(security): userinfo bypass vulnerability in HttpUriPlugin allowedUris\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/4b0501c69700963bad1285b56f9cfa74704cb963\"\u003e\u003ccode\u003e4b0501c\u003c/code\u003e\u003c/a\u003e ci: fix release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20252\"\u003e#20252\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/0c213cecf2906bc41102c3a4cfdd1ad3522d0171\"\u003e\u003ccode\u003e0c213ce\u003c/code\u003e\u003c/a\u003e ci: use \u003ccode\u003e\\\u0026lt;@\u0026amp;1450591255485743204\u0026gt;\u003c/code\u003e over \u003ccode\u003e@here\u003c/code\u003e for discord notificationw\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/5bf8bc51bcfb49d25b73aae450b246cd8b8b423a\"\u003e\u003ccode\u003e5bf8bc5\u003c/code\u003e\u003c/a\u003e refactor: types for benchmarks and tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/505a5e744fbcf4471ddb534bf1d4aebea9643c1b\"\u003e\u003ccode\u003e505a5e7\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20188\"\u003e#20188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/0c066808d59e4f9406e11bab4ffa2e0feacbd0e2\"\u003e\u003ccode\u003e0c06680\u003c/code\u003e\u003c/a\u003e refactor: update eslint configuration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/2eb0d6a410513960bd7d65bf15baf15704a612eb\"\u003e\u003ccode\u003e2eb0d6a\u003c/code\u003e\u003c/a\u003e ci: release announcement (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20238\"\u003e#20238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/b2b24590a08755b706d2009ca97a226addf9e83b\"\u003e\u003ccode\u003eb2b2459\u003c/code\u003e\u003c/a\u003e ci: cancel in progress (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20239\"\u003e#20239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack/compare/v5.98.0...v5.104.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jws` from 4.0.0 to 4.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/brianloveswords/node-jws/releases\"\u003ejws's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.1\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require\nthat a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)\nwhen using HMAC algorithms.\u003c/li\u003e\n\u003cli\u003eUpgrading JWA version to 2.0.1, addressing a compatibility issue for Node \u0026gt;= 25.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/auth0/node-jws/blob/master/CHANGELOG.md\"\u003ejws's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[4.0.1]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require\nthat a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)\nwhen using HMAC algorithms.\u003c/li\u003e\n\u003cli\u003eUpgrading JWA version to 2.0.1, adressing a compatibility issue for Node \u0026gt;= 25.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.2.3]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require\nthat a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)\nwhen using HMAC algorithms.\u003c/li\u003e\n\u003cli\u003eUpgrading JWA version to 1.4.2, adressing a compatibility issue for Node \u0026gt;= 25.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.0.0]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBREAKING\u003c/strong\u003e: \u003ccode\u003ejwt.verify\u003c/code\u003e now requires an \u003ccode\u003ealgorithm\u003c/code\u003e parameter, and\n\u003ccode\u003ejws.createVerify\u003c/code\u003e requires an \u003ccode\u003ealgorithm\u003c/code\u003e option. The \u003ccode\u003e\u0026quot;alg\u0026quot;\u003c/code\u003e field\nsignature headers is ignored. This mitigates a critical security flaw\nin the library which would allow an attacker to generate signatures with\narbitrary contents that would be accepted by \u003ccode\u003ejwt.verify\u003c/code\u003e. See\n\u003ca href=\"https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/\"\u003ehttps://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/\u003c/a\u003e\nfor details.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/compare/v1.0.1...v2.0.0\"\u003e2.0.0\u003c/a\u003e - 2015-01-30\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBREAKING\u003c/strong\u003e: Default payload encoding changed from \u003ccode\u003ebinary\u003c/code\u003e to\n\u003ccode\u003eutf8\u003c/code\u003e. \u003ccode\u003eutf8\u003c/code\u003e is a is a more sensible default than \u003ccode\u003ebinary\u003c/code\u003e because\nmany payloads, as far as I can tell, will contain user-facing\nstrings that could be in any language. (\u003c!-- raw HTML omitted --\u003e[6b6de48]\u003c!-- raw HTML omitted --\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCode reorganization, thanks [\u003ca href=\"https://github.com/fearphage\"\u003e\u003ccode\u003e@​fearphage\u003c/code\u003e\u003c/a\u003e]! (\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/commit/7880050\"\u003e7880050\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOption in all relevant methods for \u003ccode\u003eencoding\u003c/code\u003e. For those few users\nthat might be depending on a \u003ccode\u003ebinary\u003c/code\u003e encoding of the messages, this\nis for them. (\u003c!-- raw HTML omitted --\u003e[6b6de48]\u003c!-- raw HTML omitted --\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e\"\u003e\u003ccode\u003e34c45b2\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/49bc39b1f5509a630e0c6849527d8bc66b29ddf5\"\u003e\u003ccode\u003e49bc39b\u003c/code\u003e\u003c/a\u003e version 4.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/d42350ccab74db06c95f2279d1674d7d6a1692f4\"\u003e\u003ccode\u003ed42350c\u003c/code\u003e\u003c/a\u003e Enhance tests for HMAC streaming sign and verify\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/5cb007cf826c70f178c9975d31e949adff75e61b\"\u003e\u003ccode\u003e5cb007c\u003c/code\u003e\u003c/a\u003e Improve secretOrKey initialization in VerifyStream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/f9a2e1c8c61ed80d1aa97f03ec32ccb920cf51cb\"\u003e\u003ccode\u003ef9a2e1c\u003c/code\u003e\u003c/a\u003e Improve secret handling in SignStream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/b9fb8d30e9c009ade6379f308590f1b0703eefc3\"\u003e\u003ccode\u003eb9fb8d3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/brianloveswords/node-jws/issues/102\"\u003e#102\u003c/a\u003e from auth0/SRE-57-Upload-opslevel-yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/95b75ee56c64d4f8c09c70e9e9662d813bab5685\"\u003e\u003ccode\u003e95b75ee\u003c/code\u003e\u003c/a\u003e Upload OpsLevel YAML\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/8857ee77623104e5cf9955932165ddf9cea1b72c\"\u003e\u003ccode\u003e8857ee7\u003c/code\u003e\u003c/a\u003e test: remove unused variable (\u003ca href=\"https://redirect.github.com/brianloveswords/node-jws/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/brianloveswords/node-jws/compare/v4.0.0...v4.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~julien.wollscheid\"\u003ejulien.wollscheid\u003c/a\u003e, a new releaser for jws since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `markdown-it` from 14.1.0 to 14.2.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md\"\u003emarkdown-it's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[14.2.0] - 2026-05-24\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eisPunctCharCode\u003c/code\u003e to utilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't end HTML comment blocks on a blank line, \u003ca href=\"https://redirect.github.com/markdown-it/markdown-it/issues/1155\"\u003e#1155\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProperly recognize astral chars (surrogates) in delimiter scans for\nemphasis-like markers, \u003ca href=\"https://redirect.github.com/markdown-it/markdown-it/issues/1072\"\u003e#1072\u003c/a\u003e. Big thanks to \u003ca href=\"https://github.com/tats-u\"\u003e\u003ccode\u003e@​tats-u\u003c/code\u003e\u003c/a\u003e for his global efforts\nwith improving CJK support.\u003c/li\u003e\n\u003cli\u003ePreserve unicode whitespaces when trimm headings/paragraphs, \u003ca href=\"https://redirect.github.com/markdown-it/markdown-it/issues/1074\"\u003e#1074\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eMore strict entities decode to avoid false positives \u003ccode\u003e;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/markdown-it/markdown-it/issues/1096\"\u003e#1096\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRestore block parser state on fail in \u003ccode\u003elheading\u003c/code\u003e rule, \u003ca href=\"https://redirect.github.com/markdown-it/markdown-it/issues/1131\"\u003e#1131\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed poor smartquotes perfomance on \u0026gt; 70k quotes in single block\u003c/li\u003e\n\u003cli\u003eBumped linkify-it to 5.0.1 with fixed potential perfomance issues.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[14.1.1] - 2026-01-11\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed regression from v13 in linkify inline rule. Specific patterns could\ncause high CPU use. Thanks to \u003ca href=\"https://github.com/ltduc147\"\u003e\u003ccode\u003e@​ltduc147\u003c/code\u003e\u003c/a\u003e for report.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/829797aa00353ce0b62ddeb9b4583b837b1ffd9b\"\u003e\u003ccode\u003e829797a\u003c/code\u003e\u003c/a\u003e 14.2.0 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/9ce2087562c45d1e5ddd9f76b990f4b3fbe040e5\"\u003e\u003ccode\u003e9ce2087\u003c/code\u003e\u003c/a\u003e Fix smartquotes perfomance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/02e73b88fdbaddf7ecee7e567a3da62b98e57a4d\"\u003e\u003ccode\u003e02e73b8\u003c/code\u003e\u003c/a\u003e linkify-it bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/68cfb8c0792ba87992d21ffb4d22ee6cf635afb7\"\u003e\u003ccode\u003e68cfb8c\u003c/code\u003e\u003c/a\u003e fix: don't end HTML comment blocks on a blank line (\u003ca href=\"https://redirect.github.com/markdown-it/markdown-it/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/108313756cfffba31166df0140e27dd58e4da115\"\u003e\u003ccode\u003e1083137\u003c/code\u003e\u003c/a\u003e Readme cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/97c7ca2571f4255ff1d0f465958dda5293d20fe8\"\u003e\u003ccode\u003e97c7ca2\u003c/code\u003e\u003c/a\u003e Update funding info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/c471b55c10501aba7b62817df613adc5f451da43\"\u003e\u003ccode\u003ec471b55\u003c/code\u003e\u003c/a\u003e Changelog update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/77696210d1c7c56e4ffd49ff28ba15b460cb01e4\"\u003e\u003ccode\u003e7769621\u003c/code\u003e\u003c/a\u003e isPunctChar =\u0026gt; isPunctCharCode\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/aa2aa70b3001ed6aea67c22f1ff52e1ca158d2e1\"\u003e\u003ccode\u003eaa2aa70\u003c/code\u003e\u003c/a\u003e fix: always reset parentType in lheading rule (\u003ca href=\"https://redirect.github.com/markdown-it/markdown-it/issues/1131\"\u003e#1131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/59955f2ad35cbb0e3f41ad779c7363a94b4bf38e\"\u003e\u003ccode\u003e59955f2\u003c/code\u003e\u003c/a\u003e Polish PRs \u003ca href=\"https://redirect.github.com/markdown-it/markdown-it/issues/1072\"\u003e#1072\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/markdown-it/markdown-it/issues/1074\"\u003e#1074\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/markdown-it/markdown-it/compare/14.1.0...14.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack` from 5.98.0 to 5.104.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/releases\"\u003ewebpack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.104.1\u003c/h2\u003e\n\u003ch2\u003e5.104.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2efd21b: Reexports runtime calculation should not accessing \u003cstrong\u003eWEBPACK_IMPORT_KEY\u003c/strong\u003e decl with var.\u003c/li\u003e\n\u003cli\u003ec510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.104.0\u003c/h2\u003e\n\u003ch2\u003e5.104.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed3dd841: Use method shorthand to render module content in \u003ccode\u003e__webpack_modules__\u003c/code\u003e object.\u003c/li\u003e\n\u003cli\u003ed3dd841: Enhance \u003ccode\u003eimport.meta.env\u003c/code\u003e to support object access.\u003c/li\u003e\n\u003cli\u003e4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.\u003c/li\u003e\n\u003cli\u003e04cd530: Handle more at-rules for CSS modules.\u003c/li\u003e\n\u003cli\u003ecafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added \u003ccode\u003ebase64url\u003c/code\u003e, \u003ccode\u003ebase62\u003c/code\u003e, \u003ccode\u003ebase58\u003c/code\u003e, \u003ccode\u003ebase52\u003c/code\u003e, \u003ccode\u003ebase49\u003c/code\u003e, \u003ccode\u003ebase36\u003c/code\u003e, \u003ccode\u003ebase32\u003c/code\u003e and \u003ccode\u003ebase25\u003c/code\u003e digests.\u003c/li\u003e\n\u003cli\u003e5983843: Provide a stable runtime function variable \u003ccode\u003e__webpack_global__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Improved \u003ccode\u003elocalIdentName\u003c/code\u003e hashing for CSS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e22c48fb: Added module existence check for informative error message in development mode.\u003c/li\u003e\n\u003cli\u003e50689e1: Use the fully qualified class name (or export name) for \u003ccode\u003e[fullhash]\u003c/code\u003e placeholder in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Support universal lazy compilation.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed module library export definitions when multiple runtimes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed CSS nesting and CSS custom properties parsing.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't write fragment from URL to filename and apply fragment to module URL.\u003c/li\u003e\n\u003cli\u003eaab1da9: Fixed bugs for \u003ccode\u003ecss/global\u003c/code\u003e type.\u003c/li\u003e\n\u003cli\u003ed3dd841: Compatibility \u003ccode\u003eimport.meta.filename\u003c/code\u003e and \u003ccode\u003eimport.meta.dirname\u003c/code\u003e with \u003ccode\u003eeval\u003c/code\u003e devtools.\u003c/li\u003e\n\u003cli\u003ed3dd841: Handle nested \u003ccode\u003e__webpack_require__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e728ddb7: The speed of identifier parsing has been improved.\u003c/li\u003e\n\u003cli\u003e0f8b31b: Improve types.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't corrupt \u003ccode\u003edebugId\u003c/code\u003e injection when \u003ccode\u003ehidden-source-map\u003c/code\u003e is used.\u003c/li\u003e\n\u003cli\u003e2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Serialize \u003ccode\u003eHookWebpackError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added ability to use built-in properties in dotenv and define plugin.\u003c/li\u003e\n\u003cli\u003e3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.\u003c/li\u003e\n\u003cli\u003ed3dd841: Reduce collision for local indent name in CSS.\u003c/li\u003e\n\u003cli\u003ed3dd841: Remove CSS link tags when CSS imports are removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.103.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eDotenvPlugin\u003c/code\u003e and top level \u003ccode\u003edotenv\u003c/code\u003e option to enable this plugin\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eWebpackManifestPlugin\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdded support the \u003ccode\u003eignoreList\u003c/code\u003e option in devtool plugins\u003c/li\u003e\n\u003cli\u003eAllow to use custom javascript parse function\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/blob/main/CHANGELOG.md\"\u003ewebpack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.104.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2efd21b: Reexports runtime calculation should not accessing \u003cstrong\u003eWEBPACK_IMPORT_KEY\u003c/strong\u003e decl with var.\u003c/li\u003e\n\u003cli\u003ec510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.104.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed3dd841: Use method shorthand to render module content in \u003ccode\u003e__webpack_modules__\u003c/code\u003e object.\u003c/li\u003e\n\u003cli\u003ed3dd841: Enhance \u003ccode\u003eimport.meta.env\u003c/code\u003e to support object access.\u003c/li\u003e\n\u003cli\u003e4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.\u003c/li\u003e\n\u003cli\u003e04cd530: Handle more at-rules for CSS modules.\u003c/li\u003e\n\u003cli\u003ecafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added \u003ccode\u003ebase64url\u003c/code\u003e, \u003ccode\u003ebase62\u003c/code\u003e, \u003ccode\u003ebase58\u003c/code\u003e, \u003ccode\u003ebase52\u003c/code\u003e, \u003ccode\u003ebase49\u003c/code\u003e, \u003ccode\u003ebase36\u003c/code\u003e, \u003ccode\u003ebase32\u003c/code\u003e and \u003ccode\u003ebase25\u003c/code\u003e digests.\u003c/li\u003e\n\u003cli\u003e5983843: Provide a stable runtime function variable \u003ccode\u003e__webpack_global__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Improved \u003ccode\u003elocalIdentName\u003c/code\u003e hashing for CSS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e22c48fb: Added module existence check for informative error message in development mode.\u003c/li\u003e\n\u003cli\u003e50689e1: Use the fully qualified class name (or export name) for \u003ccode\u003e[fullhash]\u003c/code\u003e placeholder in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Support universal lazy compilation.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed module library export definitions when multiple runtimes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed CSS nesting and CSS custom properties parsing.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't write fragment from URL to filename and apply fragment to module URL.\u003c/li\u003e\n\u003cli\u003eaab1da9: Fixed bugs for \u003ccode\u003ecss/global\u003c/code\u003e type.\u003c/li\u003e\n\u003cli\u003ed3dd841: Compatibility \u003ccode\u003eimport.meta.filename\u003c/code\u003e and \u003ccode\u003eimport.meta.dirname\u003c/code\u003e with \u003ccode\u003eeval\u003c/code\u003e devtools.\u003c/li\u003e\n\u003cli\u003ed3dd841: Handle nested \u003ccode\u003e__webpack_require__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e728ddb7: The speed of identifier parsing has been improved.\u003c/li\u003e\n\u003cli\u003e0f8b31b: Improve types.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't corrupt \u003ccode\u003edebugId\u003c/code\u003e injection when \u003ccode\u003ehidden-source-map\u003c/code\u003e is used.\u003c/li\u003e\n\u003cli\u003e2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Serialize \u003ccode\u003eHookWebpackError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added ability to use built-in properties in dotenv and define plugin.\u003c/li\u003e\n\u003cli\u003e3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.\u003c/li\u003e\n\u003cli\u003ed3dd841: Reduce collision for local indent name in CSS.\u003c/li\u003e\n\u003cli\u003ed3dd841: Remove CSS link tags when CSS imports are removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/24e3c2d2c9f8c6d60810302b2ea70ed86e2863dc\"\u003e\u003ccode\u003e24e3c2d\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20253\"\u003e#20253\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/2efd21b0b06baa9b1a7f009b336379dcef24c1a5\"\u003e\u003ccode\u003e2efd21b\u003c/code\u003e\u003c/a\u003e fix(re-exports): reexports runtime calculation should not accessing `__WEBPAC...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/c5100702335a9cdcb75558ccd80def2329bd4abf\"\u003e\u003ccode\u003ec510070\u003c/code\u003e\u003c/a\u003e fix(security): userinfo bypass vulnerability in HttpUriPlugin allowedUris\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/4b0501c69700963bad1285b56f9cfa74704cb963\"\u003e\u003ccode\u003e4b0501c\u003c/code\u003e\u003c/a\u003e ci: fix release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20252\"\u003e#20252\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/0c213cecf2906bc41102c3a4cfdd1ad3522d0171\"\u003e\u003ccode\u003e0c213ce\u003c/code\u003e\u003c/a\u003e ci: use \u003ccode\u003e\\\u0026lt;@\u0026amp;1450591255485743204\u0026gt;\u003c/code\u003e over \u003ccode\u003e@here\u003c/code\u003e for discord notificationw\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/5bf8bc51bcfb49d25b73aae450b246cd8b8b423a\"\u003e\u003ccode\u003e5bf8bc5\u003c/code\u003e\u003c/a\u003e refactor: types for benchmarks and tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/505a5e744fbcf4471ddb534bf1d4aebea9643c1b\"\u003e\u003ccode\u003e505a5e7\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20188\"\u003e#20188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/0c066808d59e4f9406e11bab4ffa2e0feacbd0e2\"\u003e\u003ccode\u003e0c06680\u003c/code\u003e\u003c/a\u003e refactor: update eslint configuration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/2eb0d6a410513960bd7d65bf15baf15704a612eb\"\u003e\u003ccode\u003e2eb0d6a\u003c/code\u003e\u003c/a\u003e ci: release announcement (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20238\"\u003e#20238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/b2b24590a08755b706d2009ca97a226addf9e83b\"\u003e\u003ccode\u003eb2b2459\u003c/code\u003e\u003c/a\u003e ci: cancel in progress (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20239\"\u003e#20239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack/compare/v5.98.0...v5.104.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `validator` from 13.9.0 to 13.15.35\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/validatorjs/validator.js/releases\"\u003evalidator's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e13.15.35\u003c/h2\u003e\n\u003ch3\u003eFixes, New Locales and Enhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2663\"\u003e#2663\u003c/a\u003e \u003ccode\u003eisISO31661Alpha2\u003c/code\u003e/\u003ccode\u003eisISO31661Alpha3\u003c/code\u003e: add support for Kosovo (\u003ccode\u003eXK\u003c/code\u003e / \u003ccode\u003eXXK\u003c/code\u003e) \u003ca href=\"https://github.com/johanpoirier-d4\"\u003e\u003ccode\u003e@​johanpoirier-d4\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2661\"\u003e#2661\u003c/a\u003e \u003ccode\u003eisHexColor\u003c/code\u003e: ignore non-object options \u003ca href=\"https://github.com/yuna0831\"\u003e\u003ccode\u003e@​yuna0831\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eisTaxID\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2644\"\u003e#2644\u003c/a\u003e improve \u003ccode\u003ept-BR\u003c/code\u003e locale by adding support for alphanumeric CNPJ format \u003ca href=\"https://github.com/easedu\"\u003e\u003ccode\u003e@​easedu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2675\"\u003e#2675\u003c/a\u003e improve \u003ccode\u003ept-BR\u003c/code\u003e locale by adding support for formatted CPF values \u003ca href=\"https://github.com/easedu\"\u003e\u003ccode\u003e@​easedu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2643\"\u003e#2643\u003c/a\u003e \u003ccode\u003eisPassportNumber\u003c/code\u003e: improve \u003ccode\u003eMX\u003c/code\u003e locale \u003ca href=\"https://github.com/jesroffrouk\"\u003e\u003ccode\u003e@​jesroffrouk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2676\"\u003e#2676\u003c/a\u003e \u003ccode\u003eisMobilePhone\u003c/code\u003e: add \u003ccode\u003efr-DJ\u003c/code\u003e locale \u003ca href=\"https://github.com/Kartikeya-guthub\"\u003e\u003ccode\u003e@​Kartikeya-guthub\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2682\"\u003e#2682\u003c/a\u003e \u003ccode\u003eisPostalCode\u003c/code\u003e: add \u003ccode\u003eMC\u003c/code\u003e locale \u003ca href=\"https://github.com/moogblob\"\u003e\u003ccode\u003e@​moogblob\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2690\"\u003e#2690\u003c/a\u003e \u003ccode\u003eisJSON\u003c/code\u003e: allow any valid JSON value to pass \u003ca href=\"https://github.com/relu91\"\u003e\u003ccode\u003e@​relu91\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2693\"\u003e#2693\u003c/a\u003e \u003ccode\u003eisSlug\u003c/code\u003e: restrict allowed characters to valid slug charset \u003ca href=\"https://github.com/Shrawak\"\u003e\u003ccode\u003e@​Shrawak\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDoc fixes and others:\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2658\"\u003e#2658\u003c/a\u003e \u003ca href=\"https://github.com/Manaskarthik28\"\u003e\u003ccode\u003e@​Manaskarthik28\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2592\"\u003e#2592\u003c/a\u003e \u003ca href=\"https://github.com/noritaka1166\"\u003e\u003ccode\u003e@​noritaka1166\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2591\"\u003e#2591\u003c/a\u003e \u003ca href=\"https://github.com/noritaka1166\"\u003e\u003ccode\u003e@​noritaka1166\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Manaskarthik28\"\u003e\u003ccode\u003e@​Manaskarthik28\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2658\"\u003evalidatorjs/validator.js#2658\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/johanpoirier-d4\"\u003e\u003ccode\u003e@​johanpoirier-d4\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2663\"\u003evalidatorjs/validator.js#2663\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yuna0831\"\u003e\u003ccode\u003e@​yuna0831\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2661\"\u003evalidatorjs/validator.js#2661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/easedu\"\u003e\u003ccode\u003e@​easedu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2644\"\u003evalidatorjs/validator.js#2644\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jesroffrouk\"\u003e\u003ccode\u003e@​jesroffrouk\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2643\"\u003evalidatorjs/validator.js#2643\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kartikeya-guthub\"\u003e\u003ccode\u003e@​Kartikeya-guthub\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2676\"\u003evalidatorjs/validator.js#2676\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moogblob\"\u003e\u003ccode\u003e@​moogblob\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2682\"\u003evalidatorjs/validator.js#2682\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/noritaka1166\"\u003e\u003ccode\u003e@​noritaka1166\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2592\"\u003evalidatorjs/validator.js#2592\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/relu91\"\u003e\u003ccode\u003e@​relu91\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2690\"\u003evalidatorjs/validator.js#2690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shrawak\"\u003e\u003ccode\u003e@​Shrawak\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2693\"\u003evalidatorjs/validator.js#2693\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/validatorjs/validator.js/compare/13.15.26...13.15.35\"\u003ehttps://github.com/validatorjs/validator.js/compare/13.15.26...13.15.35\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e13.15.26\u003c/h2\u003e\n\u003ch3\u003eFixes, New Locales and Enhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2535\"\u003e#2535\u003c/a\u003e \u003ccode\u003eisHexColor\u003c/code\u003e: add \u003ccode\u003erequire_hashtag\u003c/code\u003e option \u003ca href=\"https://github.com/Numbers0689\"\u003e\u003ccode\u003e@​Numbers0689\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2633\"\u003e#2633\u003c/a\u003e \u003ccode\u003eisURL\u003c/code\u003e: handle possible bypass with URL-encoded content \u003ca href=\"https://github.com/WikiRik\"\u003e\u003ccode\u003e@​WikiRik\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2634\"\u003e#2634\u003c/a\u003e \u003ccode\u003eisIBAN\u003c/code\u003e: improve \u003ccode\u003eIR\u003c/code\u003e locale \u003ca href=\"https://github.com/ds1371dani\"\u003e\u003ccode\u003e@​ds1371dani\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDoc fixes and others:\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2640\"\u003e#2640\u003c/a\u003e \u003ca href=\"https://github.com/WikiRik\"\u003e\u003ccode\u003e@​WikiRik\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ds1371dani\"\u003e\u003ccode\u003e@​ds1371dani\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2634\"\u003evalidatorjs/validator.js#2634\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Numbers0689\"\u003e\u003ccode\u003e@​Numbers0689\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2535\"\u003evalidatorjs/validator.js#2535\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/validatorjs/validator.js/compare/13.15.23...13.15.26\"\u003ehttps://github.com/validatorjs/validator.js/compare/13.15.23...13.15.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e13.15.23\u003c/h2\u003e\n\u003ch3\u003eFixes, New Locales and Enhancements\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md\"\u003evalidator's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e13.15.35\u003c/h1\u003e\n\u003ch3\u003eFixes, New Locales and Enhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2663\"\u003e#2663\u003c/a\u003e \u003ccode\u003eisISO31661Alpha2\u003c/code\u003e/\u003ccode\u003eisISO31661Alpha3\u003c/code\u003e: add support for Kosovo (\u003ccode\u003eXK\u003c/code\u003e / \u003ccode\u003eXXK\u003c/code\u003e) \u003ca href=\"https://github.com/johanpoirier-d4\"\u003e\u003ccode\u003e@​johanpoirier-d4\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2661\"\u003e#2661\u003c/a\u003e \u003ccode\u003eisHexColor\u003c/code\u003e: ignore non-object options \u003ca href=\"https://github.com/yuna0831\"\u003e\u003ccode\u003e@​yuna0831\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eisTaxID\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2644\"\u003e#2644\u003c/a\u003e improve \u003ccode\u003ept-BR\u003c/code\u003e locale by adding support for alphanumeric CNPJ format \u003ca href=\"https://github.com/easedu\"\u003e\u003ccode\u003e@​easedu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2675\"\u003e#2675\u003c/a\u003e improve \u003ccode\u003ept-BR\u003c/code\u003e locale by adding support for formatted CPF values \u003ca href=\"https://github.com/easedu\"\u003e\u003ccode\u003e@​easedu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2643\"\u003e#2643\u003c/a\u003e \u003ccode\u003eisPassportNumber\u003c/code\u003e: improve \u003ccode\u003eMX\u003c/code\u003e locale \u003ca href=\"https://github.com/jesroffrouk\"\u003e\u003ccode\u003e@​jesroffrouk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2676\"\u003e#2676\u003c/a\u003e \u003ccode\u003eisMobilePhone\u003c/code\u003e: add \u003ccode\u003efr-DJ\u003c/code\u003e locale \u003ca href=\"https://github.com/Kartikeya-guthub\"\u003e\u003ccode\u003e@​Kartikeya-guthub\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2682\"\u003e#2682\u003c/a\u003e \u003ccode\u003eisPostalCode\u003c/code\u003e: add \u003ccode\u003eMC\u003c/code\u003e locale \u003ca href=\"https://github.com/moogblob\"\u003e\u003ccode\u003e@​moogblob\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2690\"\u003e#2690\u003c/a\u003e \u003ccode\u003eisJSON\u003c/code\u003e: allow any valid JSON value to pass \u003ca href=\"https://github.com/relu91\"\u003e\u003ccode\u003e@​relu91\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2693\"\u003e#2693\u003c/a\u003e \u003ccode\u003eisSlug\u003c/code\u003e: restrict allowed characters to valid slug charset \u003ca href=\"https://github.com/Shrawak\"\u003e\u003ccode\u003e@​Shrawak\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDoc fixes and others:\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2658\"\u003e#2658\u003c/a\u003e \u003ca href=\"https://github.com/Manaskarthik28\"\u003e\u003ccode\u003e@​Manaskarthik28\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2592\"\u003e#2592\u003c/a\u003e \u003ca href=\"https://github.com/noritaka1166\"\u003e\u003ccode\u003e@​noritaka1166\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2591\"\u003e#2591\u003c/a\u003e \u003ca href=\"https://github.com/noritaka1166\"\u003e\u003ccode\u003e@​noritaka1166\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e13.15.26\u003c/h1\u003e\n\u003ch3\u003eFixes, New Locales and Enhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2535\"\u003e#2535\u003c/a\u003e \u003ccode\u003eisHexColor\u003c/code\u003e: add \u003ccode\u003erequire_hashtag\u003c/code\u003e option \u003ca href=\"https://github.com/Numbers0689\"\u003e\u003ccode\u003e@​Numbers0689\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2633\"\u003e#2633\u003c/a\u003e \u003ccode\u003eisURL\u003c/code\u003e: handle possible bypass with URL-encoded content \u003ca href=\"https://github.com/WikiRik\"\u003e\u003ccode\u003e@​WikiRik\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2634\"\u003e#2634\u003c/a\u003e \u003ccode\u003eisIBAN\u003c/code\u003e: improve \u003ccode\u003eIR\u003c/code\u003e locale \u003ca href=\"https://github.com/ds1371dani\"\u003e\u003ccode\u003e@​ds1371dani\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDoc fixes and others:\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2640\"\u003e#2640\u003c/a\u003e \u003ca href=\"https://github.com/WikiRik\"\u003e\u003ccode\u003e@​WikiRik\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e13.15.23\u003c/h1\u003e\n\u003ch3\u003eFixes, New Locales and Enhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eDoc fixes and others:\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2631\"\u003e#2631\u003c/a\u003e \u003ca href=\"https://github.com/WikiRik\"\u003e\u003ccode\u003e@​WikiRik\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e13.15.22\u003c/h1\u003e\n\u003ch3\u003eFixes, New Locales and Enhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2622\"\u003e#2622\u003c/a\u003e \u003ccode\u003eisURL\u003c/code\u003e: fix regression with hostnames with ports \u003ca href=\"https://github.com/mbtools\"\u003e\u003ccode\u003e@​mbtools\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2616\"\u003e#2616\u003c/a\u003e \u003ccode\u003eisLength\u003c/code\u003e: improve handling Unicode variation selectors \u003ca href=\"https://github.com/koral\"\u003e\u003ccode\u003e@​koral\u003c/code\u003e\u003c/a\u003e--\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDoc fixes and others:\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2621\"\u003e#2621\u003c/a\u003e \u003ca href=\"https://github.com/mbtools\"\u003e\u003ccode\u003e@​mbtools\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e13.15.20\u003c/h1\u003e\n\u003ch3\u003eFixes, New Locales and Enhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2556\"\u003e#2556\u003c/a\u003e \u003ccode\u003eisMobilePhone\u003c/code\u003e: add \u003ccode\u003ear-QA\u003c/code\u003e locale \u003ca href=\"https://github.com/WardKhaddour\"\u003e\u003ccode\u003e@​WardKhaddour\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/validatorjs/validator.js/commit/7a8079709cd4cb27b2a1846e6f6508d68c9d928f\"\u003e\u003ccode\u003e7a80797\u003c/code\u003e\u003c/a\u003e maintenance: 2604 release (\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/issues/2695\"\u003e#2695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/validatorjs/validator.js/commit/941db7fac5263cc7e0df0eba37253678f92989b0\"\u003e\u003ccode\u003e941db7f\u003c/code\u003e\u003c/a\u003e fix(isSlug): restrict allowed characters to valid slug charset (\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/issues/2693\"\u003e#2693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/validatorjs/validator.js/commit/2758f7029798df0361ace21143e7169eeb22df88\"\u003e\u003ccode\u003e2758f70\u003c/code\u003e\u003c/a\u003e chore: fix typo in comment (\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/issues/2591\"\u003e#2591\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/validatorjs/validator.js/commit/fcfbff59f754b2fe81b4f91560a33455236a7f01\"\u003e\u003ccode\u003efcfbff5\u003c/code\u003e\u003c/a\u003e feat(isJson): allow any valid JSON value to pass (\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/issues/2690\"\u003e#2690\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/validatorjs/validator.js/commit/f06caee798c0c70d8f1774426a03c1d05ed0bd07\"\u003e\u003ccode\u003ef06caee\u003c/code\u003e\u003c/a\u003e refactor: replace if-then-else flow by a single return statement (\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/issues/2592\"\u003e#2592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/validatorjs/validator.js/commit/9fa1e3a44a3fb371bc91cf8bb7e127ee4e049331\"\u003e\u003ccode\u003e9fa1e3a\u003c/code\u003e\u003c/a\u003e feat(isPostalCode): Add postal code for Monaco (\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/issues/2682\"\u003e#2682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/validatorjs/validator.js/commit/b1aea75a5e64929eab32d9e83e957b7f5660e9bd\"\u003e\u003ccode\u003eb1aea75\u003c/code\u003e\u003c/a\u003e feat(isMobilePhone): add Djibouti (fr-DJ) mobile phone validation (\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/issues/2676\"\u003e#2676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/validatorjs/validator.js/commit/f715cddd592169a93cce1ac04d33bfb47ec53048\"\u003e\u003ccode\u003ef715cdd\u003c/code\u003e\u003c/a\u003e fix(isPassportNumber): improve \u003ccode\u003eMX\u003c/code\u003e locale (\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/issues/2643\"\u003e#2643\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/validatorjs/validator.js/commit/e8c6914f72f8a176ecffe034b8324265e8b4d3fe\"\u003e\u003ccode\u003ee8c6914\u003c/code\u003e\u003c/a\u003e fix(isTaxID): add formatted CPF support and additional test cases for pt-BR l...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/validatorjs/validator.js/commit/90b0a9a40bdce395f74e43f8b7158c992297e71e\"\u003e\u003ccode\u003e90b0a9a\u003c/code\u003e\u003c/a\u003e fix(isTaxID): improve \u003ccode\u003ept-BR\u003c/code\u003e locale by adding support for alphanumeric CNPJ ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/validatorjs/validator.js/compare/13.9.0...13.15.35\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for validator since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/bloom-housing/bloom/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/bloom-housing/bloom/pull/6352","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bloom-housing%2Fbloom/issues/6352","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6352/packages"}},{"old_version":"3.2.2","new_version":"3.2.3","update_type":"patch","path":null,"pr_created_at":"2026-05-25T00:09:50.000Z","version_change":"3.2.2 → 3.2.3","issue":{"uuid":"4513395873","node_id":"PR_kwDOGn7O-c7e3L81","number":21,"state":"closed","title":"Bump the npm_and_yarn group across 16 directories with 20 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-25T03:02:50.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-25T00:09:50.000Z","updated_at":"2026-05-25T03:02:53.000Z","time_to_close":10380,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":20,"packages":[{"name":"express","old_version":"4.17.0","new_version":"4.22.0","repository_url":"https://github.com/expressjs/express"},{"name":"minimatch","old_version":"3.0.4","new_version":"3.1.4","repository_url":"https://github.com/isaacs/minimatch"},{"name":"tar","old_version":"4.4.10","new_version":"7.5.11","repository_url":"https://github.com/isaacs/node-tar"},{"name":"devalue","old_version":"2.0.1","new_version":"5.8.1","repository_url":"https://github.com/sveltejs/devalue"},{"name":"uuid","old_version":"8.3.2","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"ws","old_version":"8.2.3","new_version":"8.20.1","repository_url":"https://github.com/websockets/ws"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.12.1","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"bn.js","old_version":"4.11.9","new_version":"4.12.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"cipher-base","old_version":"1.0.4","new_version":"1.0.7","repository_url":"https://github.com/crypto-browserify/cipher-base"},{"name":"flatted","old_version":"3.1.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.9.0","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"handlebars","old_version":"4.7.6","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"js-yaml","old_version":"3.13.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"rollup","old_version":"2.35.1","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"sha.js","old_version":"2.4.11","new_version":"2.4.12","repository_url":"https://github.com/crypto-browserify/sha.js"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 16 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [express](https://github.com/expressjs/express) | `4.17.0` | `4.22.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.4` |\n| [tar](https://github.com/isaacs/node-tar) | `4.4.10` | `7.5.11` |\n| [devalue](https://github.com/sveltejs/devalue) | `2.0.1` | `5.8.1` |\n| [uuid](https://github.com/uuidjs/uuid) | `8.3.2` | `14.0.0` |\n| [ws](https://github.com/websockets/ws) | `8.2.3` | `8.20.1` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.12.1` | `7.29.4` |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `4.12.3` |\n| [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.1.1` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.9.0` | `1.16.0` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.6` | `4.7.9` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.13.1` | `3.14.2` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [rollup](https://github.com/rollup/rollup) | `2.35.1` | `2.80.0` |\n| [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` |\n\nBumps the npm_and_yarn group with 1 update in the /examples/api-routes-apollo-server-and-client-auth directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /examples/api-routes-rate-limit directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /examples/auth-with-stytch directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/blog-with-comment directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/styled-jsx-with-csp directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/using-preact directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-aws-amplify-typescript directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-i18n-next-intl directory: [next-intl](https://github.com/amannn/next-intl).\nBumps the npm_and_yarn group with 1 update in the /examples/with-next-translate directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-nhost-auth-realtime-graphql directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-paste-typescript directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-react-intl directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-redis directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /examples/with-tesfy directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 3 updates in the /packages/next directory: [devalue](https://github.com/sveltejs/devalue), [uuid](https://github.com/uuidjs/uuid) and [ws](https://github.com/websockets/ws).\n\nUpdates `express` from 4.17.0 to 4.22.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/releases\"\u003eexpress's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.22.0\u003c/h2\u003e\n\u003ch2\u003eImportant: Security\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor: improve readability by \u003ca href=\"https://github.com/sazk07\"\u003e\u003ccode\u003e@​sazk07\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6190\"\u003eexpressjs/express#6190\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add support for Node.js@23.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6080\"\u003eexpressjs/express#6080\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMethod functions with no path should error by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5957\"\u003eexpressjs/express#5957\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: updated github actions ci workflow by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6323\"\u003eexpressjs/express#6323\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: reorder \u003ccode\u003enpm i\u003c/code\u003e steps to fix ci for older node versions by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6336\"\u003eexpressjs/express#6336\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport: ci: add node.js 24 to test matrix by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6506\"\u003eexpressjs/express#6506\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(4.x): wider range for query test skip by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6513\"\u003eexpressjs/express#6513\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse tilde notation for certain dependencies by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6905\"\u003eexpressjs/express#6905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6909\"\u003eexpressjs/express#6909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for \u003ccode\u003eqs\u003c/code\u003e by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6919\"\u003eexpressjs/express#6919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.22.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6921\"\u003eexpressjs/express#6921\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.2...4.22.0\"\u003ehttps://github.com/expressjs/express/compare/4.21.2...4.22.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd funding field (v4) by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6065\"\u003eexpressjs/express#6065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.11 by \u003ca href=\"https://github.com/blakeembrey\"\u003e\u003ccode\u003e@​blakeembrey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5956\"\u003eexpressjs/express#5956\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: bump path-to-regexp@0.1.12 by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6209\"\u003eexpressjs/express#6209\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.21.2 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6094\"\u003eexpressjs/express#6094\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.1...4.21.2\"\u003ehttps://github.com/expressjs/express/compare/4.21.1...4.21.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport a fix for CVE-2024-47764 to the 4.x branch by \u003ca href=\"https://github.com/joshbuker\"\u003e\u003ccode\u003e@​joshbuker\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6029\"\u003eexpressjs/express#6029\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.21.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6031\"\u003eexpressjs/express#6031\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.0...4.21.1\"\u003ehttps://github.com/expressjs/express/compare/4.21.0...4.21.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003e\u0026quot;back\u0026quot;\u003c/code\u003e magic string in redirects by \u003ca href=\"https://github.com/blakeembrey\"\u003e\u003ccode\u003e@​blakeembrey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5935\"\u003eexpressjs/express#5935\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efinalhandler@1.3.1 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5954\"\u003eexpressjs/express#5954\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): serve-static@1.16.2 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5951\"\u003eexpressjs/express#5951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgraded dependency qs to 6.13.0 to match qs in body-parser by \u003ca href=\"https://github.com/agadzinski93\"\u003e\u003ccode\u003e@​agadzinski93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5946\"\u003eexpressjs/express#5946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agadzinski93\"\u003e\u003ccode\u003e@​agadzinski93\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5946\"\u003eexpressjs/express#5946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/blob/4.22.0/History.md\"\u003eexpress's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.22.0 / 2025-12-01\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for dependencies\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.2 / 2024-11-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.12\n\u003cul\u003e\n\u003cli\u003eFix backtracking protection\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.11\n\u003cul\u003e\n\u003cli\u003eThrows an error on invalid path values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.1 / 2024-10-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBackported a fix for \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2024-47764\"\u003eCVE-2024-47764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.0 / 2024-09-11\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eres.location(\u0026quot;back\u0026quot;)\u003c/code\u003e and \u003ccode\u003eres.redirect(\u0026quot;back\u0026quot;)\u003c/code\u003e magic string\u003c/li\u003e\n\u003cli\u003edeps: serve-static@1.16.2\n\u003cul\u003e\n\u003cli\u003eincludes send@0.19.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: finalhandler@1.3.1\u003c/li\u003e\n\u003cli\u003edeps: qs@6.13.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.20.0 / 2024-09-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: serve-static@0.16.0\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: send@0.19.0\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: body-parser@0.6.0\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003edepth\u003c/code\u003e option to customize the depth level in the parser\u003c/li\u003e\n\u003cli\u003eIMPORTANT: The default \u003ccode\u003edepth\u003c/code\u003e level for parsing URL-encoded data is now \u003ccode\u003e32\u003c/code\u003e (previously was \u003ccode\u003eInfinity\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove link renderization in html while using \u003ccode\u003eres.redirect\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.10\n\u003cul\u003e\n\u003cli\u003eAdds support for named matching groups in the routes using a regex\u003c/li\u003e\n\u003cli\u003eAdds backtracking protection to parameters without regexes defined\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: encodeurl@~2.0.0\n\u003cul\u003e\n\u003cli\u003eRemoves encoding of \u003ccode\u003e\\\u003c/code\u003e, \u003ccode\u003e|\u003c/code\u003e, and \u003ccode\u003e^\u003c/code\u003e to align better with URL spec\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDeprecate passing \u003ccode\u003eoptions.maxAge\u003c/code\u003e and \u003ccode\u003eoptions.expires\u003c/code\u003e to \u003ccode\u003eres.clearCookie\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eWill be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.19.2 / 2024-03-25\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/49744abd1120484fe64d7bde1cd3197c32523b6e\"\u003e\u003ccode\u003e49744ab\u003c/code\u003e\u003c/a\u003e 4.22.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6921\"\u003e#6921\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/6e97452f600a3b01719fbc5517d833c7646b0bb7\"\u003e\u003ccode\u003e6e97452\u003c/code\u003e\u003c/a\u003e sec: security patch for CVE-2024-51999\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/6a23d34d652b9e69a4486d2a2a0dea54b9685fa5\"\u003e\u003ccode\u003e6a23d34\u003c/code\u003e\u003c/a\u003e deps: use tilde notation for \u003ccode\u003eqs\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6919\"\u003e#6919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/8c12cdf93b89a4628b59179e3cc0722fc517d6b3\"\u003e\u003ccode\u003e8c12cdf\u003c/code\u003e\u003c/a\u003e deps: qs@6.14.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6909\"\u003e#6909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/7fea74fcf02764580f38f2a7f1932dfa54cddd90\"\u003e\u003ccode\u003e7fea74f\u003c/code\u003e\u003c/a\u003e deps: use tilde notation for certain dependencies (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6905\"\u003e#6905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/dac7a0475a99e9dfc57b3b8e6d5bdf52813f1944\"\u003e\u003ccode\u003edac7a04\u003c/code\u003e\u003c/a\u003e chore: wider range for query test skip (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6513\"\u003e#6513\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/997919b48879bbd53171c3b4e5dd1b04ad139241\"\u003e\u003ccode\u003e997919b\u003c/code\u003e\u003c/a\u003e ci: add node.js 24 to test matrix (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6506\"\u003e#6506\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/36fb59c6c7d9dfca0b08dfeafb5b6e4a249234a1\"\u003e\u003ccode\u003e36fb59c\u003c/code\u003e\u003c/a\u003e fix(ci): reorder \u003ccode\u003enpm i\u003c/code\u003e steps to fix ci for older node versions (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6336\"\u003e#6336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/3a5edfaff06f1a2c7079b08d0635108b371eddfd\"\u003e\u003ccode\u003e3a5edfa\u003c/code\u003e\u003c/a\u003e fix(ci): updated github actions ci workflow (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6323\"\u003e#6323\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/52d978119a7af27667cce5d99ac0739dc269d818\"\u003e\u003ccode\u003e52d9781\u003c/code\u003e\u003c/a\u003e fix(test): add test for method routes without paths \u003ca href=\"https://redirect.github.com/expressjs/express/issues/5955\"\u003e#5955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/express/compare/4.17.0...4.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for express since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.0.4 to 3.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9c31b2d4e0af72a6c2d2d62c5dbc2247da669802\"\u003e\u003ccode\u003e9c31b2d\u003c/code\u003e\u003c/a\u003e update test expectations for coalesced consecutive stars\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/46fe687857cf02f6cf45469cc593b97e11b10c96\"\u003e\u003ccode\u003e46fe687\u003c/code\u003e\u003c/a\u003e coalesce consecutive non-globstar * characters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/5a9ccbda64befc5d94b965534dbea2853c92aebd\"\u003e\u003ccode\u003e5a9ccbd\u003c/code\u003e\u003c/a\u003e [meta] update publishConfig.tag to legacy-v3\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tar` from 4.4.10 to 7.5.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/node-tar/releases\"\u003etar's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.13\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-tar/compare/v6.1.12...v6.1.13\"\u003e6.1.13\u003c/a\u003e (2022-12-07)\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/cc4e0ddfe523a0bce383846a67442c637a65d486\"\u003e\u003ccode\u003ecc4e0dd\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/343\"\u003e#343\u003c/a\u003e bump minipass from 3.3.6 to 4.0.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.12\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-tar/compare/v6.1.11...v6.1.12\"\u003e6.1.12\u003c/a\u003e (2022-10-31)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/57493ee66ece50d62114e02914282fc37be3a91a\"\u003e\u003ccode\u003e57493ee\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/332\"\u003e#332\u003c/a\u003e ensuring close event is emited after stream has ended (\u003ca href=\"https://github.com/webark\"\u003e\u003ccode\u003e@​webark\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/b003c64f624332e24e19b30dc011069bb6708680\"\u003e\u003ccode\u003eb003c64\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/314\"\u003e#314\u003c/a\u003e replace deprecated String.prototype.substr() (\u003ca href=\"https://redirect.github.com/isaacs/node-tar/issues/314\"\u003e#314\u003c/a\u003e) (\u003ca href=\"https://github.com/CommanderRoot\"\u003e\u003ccode\u003e@​CommanderRoot\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukekarrys\"\u003e\u003ccode\u003e@​lukekarrys\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/f12992932f171ea248b27fad95e7d489a56d31ed\"\u003e\u003ccode\u003ef129929\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/313\"\u003e#313\u003c/a\u003e remove dead link to benchmarks (\u003ca href=\"https://redirect.github.com/isaacs/node-tar/issues/313\"\u003e#313\u003c/a\u003e) (\u003ca href=\"https://github.com/yetzt\"\u003e\u003ccode\u003e@​yetzt\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/c1faa9f44001dfb0bc7638b2850eb6058bd56a4a\"\u003e\u003ccode\u003ec1faa9f\u003c/code\u003e\u003c/a\u003e add examples/explanation of using tar.t (\u003ca href=\"https://github.com/isaacs\"\u003e\u003ccode\u003e@​isaacs\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md\"\u003etar's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e7.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003ezstd\u003c/code\u003e compression support.\u003c/li\u003e\n\u003cli\u003eConsistent TOCTOU behavior in sync t.list\u003c/li\u003e\n\u003cli\u003eOnly read from ustar block if not specified in Pax\u003c/li\u003e\n\u003cli\u003eFix sync tar.list when file size reduces while reading\u003c/li\u003e\n\u003cli\u003eSanitize absolute linkpaths properly\u003c/li\u003e\n\u003cli\u003ePrevent writing hardlink entries to the archive ahead of their\nfile target\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eonentry\u003c/code\u003e in favor of \u003ccode\u003eonReadEntry\u003c/code\u003e for clarity.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eonWriteEntry\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDRY the command definitions into a single \u003ccode\u003emakeCommand\u003c/code\u003e method,\nand update the type signatures to more appropriately infer the\nreturn type from the options and arguments provided.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate minipass to v7.1.0\u003c/li\u003e\n\u003cli\u003eUpdate the type definitions of \u003ccode\u003ewrite()\u003c/code\u003e and \u003ccode\u003eend()\u003c/code\u003e methods on\n\u003ccode\u003eUnpack\u003c/code\u003e and \u003ccode\u003eParser\u003c/code\u003e classes to be compatible with the\nNodeJS.WritableStream type in the latest versions of\n\u003ccode\u003e@types/node\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for node \u0026lt;18\u003c/li\u003e\n\u003cli\u003eRewrite in TypeScript, provide ESM and CommonJS hybrid\ninterface\u003c/li\u003e\n\u003cli\u003eAdd tree-shake friendly exports, like \u003ccode\u003eimport('tar/create')\u003c/code\u003e\nand \u003ccode\u003eimport('tar/read-entry')\u003c/code\u003e to get individual functions or\nclasses.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003echmod\u003c/code\u003e option that defaults to false, and deprecate\n\u003ccode\u003enoChmod\u003c/code\u003e. That is, reverse the default option regarding\nexplicitly setting file system modes to match tar entry\nsettings.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eprocessUmask\u003c/code\u003e option to avoid having to call\n\u003ccode\u003eprocess.umask()\u003c/code\u003e when \u003ccode\u003echmod: true\u003c/code\u003e (or \u003ccode\u003enoChmod: false\u003c/code\u003e) is\nset.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/bf776f673164215074b62749e0fe80e5834588f4\"\u003e\u003ccode\u003ebf776f6\u003c/code\u003e\u003c/a\u003e 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad\"\u003e\u003ccode\u003ef48b5fa\u003c/code\u003e\u003c/a\u003e prevent escaping symlinks with drive-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/97cff15d3539a37a4095eb3d287147d9d77c2dc3\"\u003e\u003ccode\u003e97cff15\u003c/code\u003e\u003c/a\u003e docs: more security info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1\"\u003e\u003ccode\u003e2b72abc\u003c/code\u003e\u003c/a\u003e 7.5.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f\"\u003e\u003ccode\u003e7bc755d\u003c/code\u003e\u003c/a\u003e parse root off paths before sanitizing .. parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/c8cb84629dee649feedde03f2f4ea48f2e44e778\"\u003e\u003ccode\u003ec8cb846\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/1f0c2c9006b10199cf2686f8ef43e79a1773e1aa\"\u003e\u003ccode\u003e1f0c2c9\u003c/code\u003e\u003c/a\u003e 7.5.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/fbb08518bf290733b68ca4d4135f75becf73fd75\"\u003e\u003ccode\u003efbb0851\u003c/code\u003e\u003c/a\u003e build minified version as default export\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/6b8eba0ef367ac937e703238daa6df94ae6f823f\"\u003e\u003ccode\u003e6b8eba0\u003c/code\u003e\u003c/a\u003e 7.5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384\"\u003e\u003ccode\u003e2cb1120\u003c/code\u003e\u003c/a\u003e fix(unpack): improve UnpackSync symlink error \u0026quot;into\u0026quot; path accuracy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/node-tar/compare/v4.4.10...v7.5.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~isaacs\"\u003eisaacs\u003c/a\u003e, a new releaser for tar since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `devalue` from 2.0.1 to 5.8.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/devalue/releases\"\u003edevalue's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.8.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e206ca67: fix: force sparse arrays to allocate sparsely\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.8.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ec5115b0: feat: add \u003ccode\u003estringifyAsync\u003c/code\u003e for async serialization\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.7.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e8becc7c: fix: handle regexes consistently in uneval's value and reference formats\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.7.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edf2e284: feat: use native alternatives to encode/decode base64\u003c/li\u003e\n\u003cli\u003e498656e: feat: add \u003ccode\u003eDataView\u003c/code\u003e support\u003c/li\u003e\n\u003cli\u003ea210130: feat: whitelist \u003ccode\u003eFloat16Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edf2e284: feat: simplify TypedArray slices\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e5590634: fix: get \u003ccode\u003euneval\u003c/code\u003e type handling up to parity with \u003ccode\u003estringify\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e57f73fc: fix: correctly support boxed bigints and sentinel values\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.4\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: reject \u003ccode\u003e__proto__\u003c/code\u003e keys in malformed \u003ccode\u003eObject\u003c/code\u003e wrapper payloads\u003c/p\u003e\n\u003cp\u003eThis validates the \u003ccode\u003e\u0026quot;Object\u0026quot;\u003c/code\u003e parse path and throws when the wrapped value has an own \u003ccode\u003e__proto__\u003c/code\u003e key.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e40f1db1: fix: ensure sparse array indices are integers\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: disallow \u003ccode\u003e__proto__\u003c/code\u003e keys in null-prototype object parsing\u003c/p\u003e\n\u003cp\u003eThis disallows \u003ccode\u003e__proto__\u003c/code\u003e keys in the \u003ccode\u003e\u0026quot;null\u0026quot;\u003c/code\u003e parse path so null-prototype object hydration cannot carry that key through parse/unflatten.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0f04d4d: fix: Properly handle \u003ccode\u003e__proto__\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e819f1ac: fix: better encoding for sparse arrays\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md\"\u003edevalue's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.8.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e206ca67: fix: force sparse arrays to allocate sparsely\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.8.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ec5115b0: feat: add \u003ccode\u003estringifyAsync\u003c/code\u003e for async serialization\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.7.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e8becc7c: fix: handle regexes consistently in uneval's value and reference formats\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.7.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edf2e284: feat: use native alternatives to encode/decode base64\u003c/li\u003e\n\u003cli\u003e498656e: feat: add \u003ccode\u003eDataView\u003c/code\u003e support\u003c/li\u003e\n\u003cli\u003ea210130: feat: whitelist \u003ccode\u003eFloat16Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edf2e284: feat: simplify TypedArray slices\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e5590634: fix: get \u003ccode\u003euneval\u003c/code\u003e type handling up to parity with \u003ccode\u003estringify\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e57f73fc: fix: correctly support boxed bigints and sentinel values\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.4\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: reject \u003ccode\u003e__proto__\u003c/code\u003e keys in malformed \u003ccode\u003eObject\u003c/code\u003e wrapper payloads\u003c/p\u003e\n\u003cp\u003eThis validates the \u003ccode\u003e\u0026quot;Object\u0026quot;\u003c/code\u003e parse path and throws when the wrapped value has an own \u003ccode\u003e__proto__\u003c/code\u003e key.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e40f1db1: fix: ensure sparse array indices are integers\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: disallow \u003ccode\u003e__proto__\u003c/code\u003e keys in null-prototype object parsing\u003c/p\u003e\n\u003cp\u003eThis disallows \u003ccode\u003e__proto__\u003c/code\u003e keys in the \u003ccode\u003e\u0026quot;null\u0026quot;\u003c/code\u003e parse path so null-prototype object hydration cannot carry that key through parse/unflatten.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0f04d4d: fix: Properly handle \u003ccode\u003e__proto__\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e819f1ac: fix: better encoding for sparse arrays\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/796ea83a76eb7e0f2af376f9c2c875f1d057f50f\"\u003e\u003ccode\u003e796ea83\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/152\"\u003e#152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/206ca6712fbc380a4571c59de9ab04b91110792d\"\u003e\u003ccode\u003e206ca67\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/14933f78ff6b712829162628682b0a1993e75d19\"\u003e\u003ccode\u003e14933f7\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/151\"\u003e#151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/c5115b0074ec298fb4077f6cee5616cefbd13902\"\u003e\u003ccode\u003ec5115b0\u003c/code\u003e\u003c/a\u003e feat: \u003ccode\u003estringifyAsync\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/150\"\u003e#150\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/67dad450b5db18ea9aa3059d334d8b0ee6704d9e\"\u003e\u003ccode\u003e67dad45\u003c/code\u003e\u003c/a\u003e docs: update README to reflect serialization stability non-goal (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/147\"\u003e#147\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/6eb920a7db6fe388f24f640d0e4e874a57f148fb\"\u003e\u003ccode\u003e6eb920a\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/8becc7c436f0d4f85e2e5b32cb49dcfdf4fdec42\"\u003e\u003ccode\u003e8becc7c\u003c/code\u003e\u003c/a\u003e fix: handle regexes consistently in uneval's value and reference formats (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/2eee2e435ea0ea3d495dc7a266486df95a4eb6ed\"\u003e\u003ccode\u003e2eee2e4\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/144\"\u003e#144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/498656e75d36dfc63a386240722bdeac63337b25\"\u003e\u003ccode\u003e498656e\u003c/code\u003e\u003c/a\u003e DataView support (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/5590634db53ed555d3ce2e2024924b30352a6afc\"\u003e\u003ccode\u003e5590634\u003c/code\u003e\u003c/a\u003e Improve platform types support (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/142\"\u003e#142\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sveltejs/devalue/compare/v2.0.1...v5.8.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for devalue since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 8.3.2 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v8.3.2...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.2.3 to 8.20.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an uninitialized memory disclosure issue in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\n(c0327ec1).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding a \u003ccode\u003eTypedArray\u003c/code\u003e (e.g. \u003ccode\u003eFloat32Array\u003c/code\u003e) as the \u003ccode\u003ereason\u003c/code\u003e argument for\n\u003ccode\u003ewebsocket.close()\u003c/code\u003e, rather than the supported string or \u003ccode\u003eBuffer\u003c/code\u003e types, caused\nuninitialized memory to be disclosed to the remote peer.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { deepStrictEqual } from 'node:assert';\r\nimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer(\n{ port: 0, skipUTF8Validation: true },\nfunction () {\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e, {\nskipUTF8Validation: true\n});\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ews.on('close', function (code, reason) {\r\n  deepStrictEqual(reason, Buffer.alloc(80));\r\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e}\n);\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.close(1000, new Float32Array(20));\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe issue was privately reported by \u003ca href=\"https://github.com/ChALkeR\"\u003eNikita Skovoroda\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e8.20.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded exports for the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and utilities for the\n\u003ccode\u003eSec-WebSocket-Extensions\u003c/code\u003e and \u003ccode\u003eSec-WebSocket-Protocol\u003c/code\u003e headers (d3503c1f).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.19.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003ecloseTimeout\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/websockets/ws/issues/2308\"\u003e#2308\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eHandled a forthcoming breaking change in Node.js core (19984854).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/843925544e2f4cffe445e0179947f56d6c5b608f\"\u003e\u003ccode\u003e8439255\u003c/code\u003e\u003c/a\u003e [dist] 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/d3503c1fd36a310985108f62b343bae18346ab67\"\u003e\u003ccode\u003ed3503c1\u003c/code\u003e\u003c/a\u003e [minor] Export the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and header utils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/3ee5349a0b1580f6e1f347b59ec3371011bd8481\"\u003e\u003ccode\u003e3ee5349\u003c/code\u003e\u003c/a\u003e [api] Convert the \u003ccode\u003eisServer\u003c/code\u003e and \u003ccode\u003emaxPayload\u003c/code\u003e parameters to options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/91707b470ebd803aaa3fd1e896217740f39267d4\"\u003e\u003ccode\u003e91707b4\u003c/code\u003e\u003c/a\u003e [doc] Add missing space\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/8b553192268810a83253e2a4a39ac16768e75bb3\"\u003e\u003ccode\u003e8b55319\u003c/code\u003e\u003c/a\u003e [pkg] Update eslint to version 10.0.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/websockets/ws/compare/8.2.3...8.20.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.12.1 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/cd24cc07ef6558b7f6510f9177f6393c91b0549f\"\u003e\u003ccode\u003ecd24cc0\u003c/code\u003e\u003c/a\u003e chore: Update TS 5.7 (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17053\"\u003e#17053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bn.js` from 4.11.9 to 4.12.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/39fe4389c773327ed15f29f77f8b7dbbff4beb4c\"\u003e\u003ccode\u003e39fe438\u003c/code\u003e\u003c/a\u003e 4.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/67ecb35dabaf252001b649c12d69c4b57deac6f6\"\u003e\u003ccode\u003e67ecb35\u003c/code\u003e\u003c/a\u003e backport(4.x): fix imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/c4098bac2470418f8e0f6bf11fe0cb676a2b9047\"\u003e\u003ccode\u003ec4098ba\u003c/code\u003e\u003c/a\u003e 4.12.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/6277fd705e51edae1c404c65f03ba2e512706945\"\u003e\u003ccode\u003e6277fd7\u003c/code\u003e\u003c/a\u003e backport(4.x): Fix imuln/muln with zero (backport of \u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/ac0d4afaae91701815b9edc19789e44e7690d688\"\u003e\u003ccode\u003eac0d4af\u003c/code\u003e\u003c/a\u003e 4.12.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/a5f14b43ec61bc7cafc6de2e7444913b9f581b00\"\u003e\u003ccode\u003ea5f14b4\u003c/code\u003e\u003c/a\u003e Fix serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/309\"\u003e#309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/0cd2661b9d08512263c940662586042ef8aaccc6\"\u003e\u003ccode\u003e0cd2661\u003c/code\u003e\u003c/a\u003e Remove package-lock.json added by npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/84ae31344a557abb78ddabe3bac923b7503e4fb5\"\u003e\u003ccode\u003e84ae313\u003c/code\u003e\u003c/a\u003e 4.12.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/967ed0a50a9400bbbd83b450550cf37f7fa178b9\"\u003e\u003ccode\u003e967ed0a\u003c/code\u003e\u003c/a\u003e fix: Buffer not using global in browser (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/260\"\u003e#260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/61962320d7907a1a4d03a665782cb2733160c907\"\u003e\u003ccode\u003e6196232\u003c/code\u003e\u003c/a\u003e Fix LE constructor for HEX (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/indutny/bn.js/compare/v4.11.9...v4.12.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cipher-base` from 1.0.4 to 1.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md\"\u003ecipher-base's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.6...v1.0.7\"\u003ev1.0.7\u003c/a\u003e - 2025-09-24\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003eto-buffer\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/fd1e5eeafccbc8eaa827ee6b9b60c14608aa784f\"\u003e\u003ccode\u003efd1e5ee\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/08ba8034223a53d300b7dccf33d8f14e52379a34\"\u003e\u003ccode\u003e08ba803\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.5...v1.0.6\"\u003ev1.0.6\u003c/a\u003e - 2024-11-26\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] io.js 3.0 - Node.js 5.3 typed array support \u003ca href=\"https://github.com/browserify/cipher-base/commit/b7ddd2ac24e65cc47befc1e0eb5026422f8ab037\"\u003e\u003ccode\u003eb7ddd2a\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.4...v1.0.5\"\u003ev1.0.5\u003c/a\u003e - 2024-11-17\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Tests] standard -\u0026gt; eslint, make test dir, etc \u003ca href=\"https://github.com/browserify/cipher-base/commit/ae02fd6624c41ac4ac18077be797111d1955bc76\"\u003e\u003ccode\u003eae02fd6\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] migrate from travis to GHA \u003ca href=\"https://github.com/browserify/cipher-base/commit/66387d71461287ad9067bb1bcbfdc47403a33ee7\"\u003e\u003ccode\u003e66387d7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix package.json indentation \u003ca href=\"https://github.com/browserify/cipher-base/commit/5c02918ac58c875ed36913c2dc3e1043f4d1c99c\"\u003e\u003ccode\u003e5c02918\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] return valid values on multi-byte-wide TypedArray input \u003ca href=\"https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294\"\u003e\u003ccode\u003e8fd1364\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/88dc806806d3dc41444dbf639c87c00f82c949b3\"\u003e\u003ccode\u003e88dc806\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003enpmignore\u003c/code\u003e and \u003ccode\u003esafe-publish-latest\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/7a137d749ce7ea7ea56b9c096844b1b8ab723f61\"\u003e\u003ccode\u003e7a137d7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly apps should have lockfiles \u003ca href=\"https://github.com/browserify/cipher-base/commit/42528f291db16bf2e7d5f831ebe2ad87fd0b1f42\"\u003e\u003ccode\u003e42528f2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003einherits\u003c/code\u003e, \u003ccode\u003esafe-buffer\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/0e7a2d9a33a391e82fa9cf512d6e25cc91ab8613\"\u003e\u003ccode\u003e0e7a2d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add missing \u003ccode\u003eengines.node\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/f2dc13e47bbcf3c873db9a9e0f83e5f29d0783fe\"\u003e\u003ccode\u003ef2dc13e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/00567180c846dd3db3848c9223991c58a0d5490c\"\u003e\u003ccode\u003e0056718\u003c/code\u003e\u003c/a\u003e v1.0.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/fd1e5eeafccbc8eaa827ee6b9b60c14608aa784f\"\u003e\u003ccode\u003efd1e5ee\u003c/code\u003e\u003c/a\u003e [Refactor] use \u003ccode\u003eto-buffer\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/08ba8034223a53d300b7dccf33d8f14e52379a34\"\u003e\u003ccode\u003e08ba803\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/f5249f94611506ef35a8be4d48a3fc5ecf1fac63\"\u003e\u003ccode\u003ef5249f9\u003c/code\u003e\u003c/a\u003e v1.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/b7ddd2ac24e65cc47befc1e0eb5026422f8ab037\"\u003e\u003ccode\u003eb7ddd2a\u003c/code\u003e\u003c/a\u003e [Fix] io.js 3.0 - Node.js 5.3 typed array support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/f03cebfdad1cba1d56614c58affa303b0fa2a43e\"\u003e\u003ccode\u003ef03cebf\u003c/code\u003e\u003c/a\u003e v1.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/88dc806806d3dc41444dbf639c87c00f82c949b3\"\u003e\u003ccode\u003e88dc806\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/7a137d749ce7ea7ea56b9c096844b1b8ab723f61\"\u003e\u003ccode\u003e7a137d7\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003enpmignore\u003c/code\u003e and \u003ccode\u003esafe-publish-latest\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/5c02918ac58c875ed36913c2dc3e1043f4d1c99c\"\u003e\u003ccode\u003e5c02918\u003c/code\u003e\u003c/a\u003e [meta] fix package.json indentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294\"\u003e\u003ccode\u003e8fd1364\u003c/code\u003e\u003c/a\u003e [Fix] return valid values on multi-byte-wide TypedArray input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/crypto-browserify/cipher-base/compare/v1.0.4...v1.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ljharb\"\u003eljharb\u003c/a\u003e, a new releaser for cipher-base since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.1.1 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.1.1...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.9.0 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.9.0...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.6 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776\"\u003e#1776\u003c/a\u003e) - 2954e7e\u003c/li\u003e\n\u003cli\u003eFix compiling of each block params in strict mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855\"\u003e#1855\u003c/a\u003e) - 30dbf04\u003c/li\u003e\n\u003cli\u003eFix rollup warning when importing Handlebars as ESM - 03d387b\u003c/li\u003e\n\u003cli\u003eFix bundler issue with webpack 5 (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862\"\u003e#1862\u003c/a\u003e) - c6c6bbb\u003c/li\u003e\n\u003cli\u003eUse https instead of git for mustache submodule - 88ac068\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.8\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8 - July 27th, 2023\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1...\n\n_Description has been truncated_","html_url":"https://github.com/jcstein/next.js/pull/21","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jcstein%2Fnext.js/issues/21","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/21/packages"}},{"old_version":"3.2.2","new_version":"3.2.3","update_type":"patch","path":null,"pr_created_at":"2026-05-24T10:42:32.000Z","version_change":"3.2.2 → 3.2.3","issue":{"uuid":"4511268663","node_id":"PR_kwDOGn7O-c7ewz4S","number":19,"state":"closed","title":"Bump the npm_and_yarn group across 13 directories with 20 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-24T23:53:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-24T10:42:32.000Z","updated_at":"2026-05-24T23:53:30.000Z","time_to_close":47456,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":20,"packages":[{"name":"express","old_version":"4.17.0","new_version":"4.22.0","repository_url":"https://github.com/expressjs/express"},{"name":"minimatch","old_version":"3.0.4","new_version":"3.1.4","repository_url":"https://github.com/isaacs/minimatch"},{"name":"tar","old_version":"4.4.10","new_version":"7.5.11","repository_url":"https://github.com/isaacs/node-tar"},{"name":"devalue","old_version":"2.0.1","new_version":"5.8.1","repository_url":"https://github.com/sveltejs/devalue"},{"name":"uuid","old_version":"8.3.2","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"ws","old_version":"8.2.3","new_version":"8.20.1","repository_url":"https://github.com/websockets/ws"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.12.1","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"bn.js","old_version":"4.11.9","new_version":"4.12.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"cipher-base","old_version":"1.0.4","new_version":"1.0.7","repository_url":"https://github.com/crypto-browserify/cipher-base"},{"name":"flatted","old_version":"3.1.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.9.0","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"handlebars","old_version":"4.7.6","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"js-yaml","old_version":"3.13.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"rollup","old_version":"2.35.1","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"sha.js","old_version":"2.4.11","new_version":"2.4.12","repository_url":"https://github.com/crypto-browserify/sha.js"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 16 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [express](https://github.com/expressjs/express) | `4.17.0` | `4.22.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.4` |\n| [tar](https://github.com/isaacs/node-tar) | `4.4.10` | `7.5.11` |\n| [devalue](https://github.com/sveltejs/devalue) | `2.0.1` | `5.8.1` |\n| [uuid](https://github.com/uuidjs/uuid) | `8.3.2` | `14.0.0` |\n| [ws](https://github.com/websockets/ws) | `8.2.3` | `8.20.1` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.12.1` | `7.29.4` |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `4.12.3` |\n| [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.1.1` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.9.0` | `1.16.0` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.6` | `4.7.9` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.13.1` | `3.14.2` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [rollup](https://github.com/rollup/rollup) | `2.35.1` | `2.80.0` |\n| [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` |\n\nBumps the npm_and_yarn group with 1 update in the /examples/auth-with-stytch directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/blog-with-comment directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/styled-jsx-with-csp directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/using-preact directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-aws-amplify-typescript directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-i18n-next-intl directory: [next-intl](https://github.com/amannn/next-intl).\nBumps the npm_and_yarn group with 1 update in the /examples/with-next-translate directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-nhost-auth-realtime-graphql directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-paste-typescript directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-react-intl directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-redis directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 3 updates in the /packages/next directory: [devalue](https://github.com/sveltejs/devalue), [uuid](https://github.com/uuidjs/uuid) and [ws](https://github.com/websockets/ws).\n\nUpdates `express` from 4.17.0 to 4.22.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/releases\"\u003eexpress's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.22.0\u003c/h2\u003e\n\u003ch2\u003eImportant: Security\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor: improve readability by \u003ca href=\"https://github.com/sazk07\"\u003e\u003ccode\u003e@​sazk07\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6190\"\u003eexpressjs/express#6190\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add support for Node.js@23.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6080\"\u003eexpressjs/express#6080\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMethod functions with no path should error by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5957\"\u003eexpressjs/express#5957\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: updated github actions ci workflow by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6323\"\u003eexpressjs/express#6323\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: reorder \u003ccode\u003enpm i\u003c/code\u003e steps to fix ci for older node versions by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6336\"\u003eexpressjs/express#6336\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport: ci: add node.js 24 to test matrix by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6506\"\u003eexpressjs/express#6506\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(4.x): wider range for query test skip by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6513\"\u003eexpressjs/express#6513\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse tilde notation for certain dependencies by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6905\"\u003eexpressjs/express#6905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6909\"\u003eexpressjs/express#6909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for \u003ccode\u003eqs\u003c/code\u003e by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6919\"\u003eexpressjs/express#6919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.22.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6921\"\u003eexpressjs/express#6921\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.2...4.22.0\"\u003ehttps://github.com/expressjs/express/compare/4.21.2...4.22.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd funding field (v4) by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6065\"\u003eexpressjs/express#6065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.11 by \u003ca href=\"https://github.com/blakeembrey\"\u003e\u003ccode\u003e@​blakeembrey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5956\"\u003eexpressjs/express#5956\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: bump path-to-regexp@0.1.12 by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6209\"\u003eexpressjs/express#6209\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.21.2 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6094\"\u003eexpressjs/express#6094\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.1...4.21.2\"\u003ehttps://github.com/expressjs/express/compare/4.21.1...4.21.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport a fix for CVE-2024-47764 to the 4.x branch by \u003ca href=\"https://github.com/joshbuker\"\u003e\u003ccode\u003e@​joshbuker\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6029\"\u003eexpressjs/express#6029\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.21.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6031\"\u003eexpressjs/express#6031\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.0...4.21.1\"\u003ehttps://github.com/expressjs/express/compare/4.21.0...4.21.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003e\u0026quot;back\u0026quot;\u003c/code\u003e magic string in redirects by \u003ca href=\"https://github.com/blakeembrey\"\u003e\u003ccode\u003e@​blakeembrey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5935\"\u003eexpressjs/express#5935\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efinalhandler@1.3.1 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5954\"\u003eexpressjs/express#5954\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): serve-static@1.16.2 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5951\"\u003eexpressjs/express#5951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgraded dependency qs to 6.13.0 to match qs in body-parser by \u003ca href=\"https://github.com/agadzinski93\"\u003e\u003ccode\u003e@​agadzinski93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5946\"\u003eexpressjs/express#5946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agadzinski93\"\u003e\u003ccode\u003e@​agadzinski93\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5946\"\u003eexpressjs/express#5946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/blob/4.22.0/History.md\"\u003eexpress's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.22.0 / 2025-12-01\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for dependencies\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.2 / 2024-11-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.12\n\u003cul\u003e\n\u003cli\u003eFix backtracking protection\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.11\n\u003cul\u003e\n\u003cli\u003eThrows an error on invalid path values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.1 / 2024-10-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBackported a fix for \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2024-47764\"\u003eCVE-2024-47764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.0 / 2024-09-11\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eres.location(\u0026quot;back\u0026quot;)\u003c/code\u003e and \u003ccode\u003eres.redirect(\u0026quot;back\u0026quot;)\u003c/code\u003e magic string\u003c/li\u003e\n\u003cli\u003edeps: serve-static@1.16.2\n\u003cul\u003e\n\u003cli\u003eincludes send@0.19.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: finalhandler@1.3.1\u003c/li\u003e\n\u003cli\u003edeps: qs@6.13.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.20.0 / 2024-09-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: serve-static@0.16.0\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: send@0.19.0\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: body-parser@0.6.0\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003edepth\u003c/code\u003e option to customize the depth level in the parser\u003c/li\u003e\n\u003cli\u003eIMPORTANT: The default \u003ccode\u003edepth\u003c/code\u003e level for parsing URL-encoded data is now \u003ccode\u003e32\u003c/code\u003e (previously was \u003ccode\u003eInfinity\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove link renderization in html while using \u003ccode\u003eres.redirect\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.10\n\u003cul\u003e\n\u003cli\u003eAdds support for named matching groups in the routes using a regex\u003c/li\u003e\n\u003cli\u003eAdds backtracking protection to parameters without regexes defined\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: encodeurl@~2.0.0\n\u003cul\u003e\n\u003cli\u003eRemoves encoding of \u003ccode\u003e\\\u003c/code\u003e, \u003ccode\u003e|\u003c/code\u003e, and \u003ccode\u003e^\u003c/code\u003e to align better with URL spec\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDeprecate passing \u003ccode\u003eoptions.maxAge\u003c/code\u003e and \u003ccode\u003eoptions.expires\u003c/code\u003e to \u003ccode\u003eres.clearCookie\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eWill be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.19.2 / 2024-03-25\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/49744abd1120484fe64d7bde1cd3197c32523b6e\"\u003e\u003ccode\u003e49744ab\u003c/code\u003e\u003c/a\u003e 4.22.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6921\"\u003e#6921\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/6e97452f600a3b01719fbc5517d833c7646b0bb7\"\u003e\u003ccode\u003e6e97452\u003c/code\u003e\u003c/a\u003e sec: security patch for CVE-2024-51999\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/6a23d34d652b9e69a4486d2a2a0dea54b9685fa5\"\u003e\u003ccode\u003e6a23d34\u003c/code\u003e\u003c/a\u003e deps: use tilde notation for \u003ccode\u003eqs\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6919\"\u003e#6919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/8c12cdf93b89a4628b59179e3cc0722fc517d6b3\"\u003e\u003ccode\u003e8c12cdf\u003c/code\u003e\u003c/a\u003e deps: qs@6.14.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6909\"\u003e#6909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/7fea74fcf02764580f38f2a7f1932dfa54cddd90\"\u003e\u003ccode\u003e7fea74f\u003c/code\u003e\u003c/a\u003e deps: use tilde notation for certain dependencies (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6905\"\u003e#6905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/dac7a0475a99e9dfc57b3b8e6d5bdf52813f1944\"\u003e\u003ccode\u003edac7a04\u003c/code\u003e\u003c/a\u003e chore: wider range for query test skip (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6513\"\u003e#6513\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/997919b48879bbd53171c3b4e5dd1b04ad139241\"\u003e\u003ccode\u003e997919b\u003c/code\u003e\u003c/a\u003e ci: add node.js 24 to test matrix (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6506\"\u003e#6506\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/36fb59c6c7d9dfca0b08dfeafb5b6e4a249234a1\"\u003e\u003ccode\u003e36fb59c\u003c/code\u003e\u003c/a\u003e fix(ci): reorder \u003ccode\u003enpm i\u003c/code\u003e steps to fix ci for older node versions (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6336\"\u003e#6336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/3a5edfaff06f1a2c7079b08d0635108b371eddfd\"\u003e\u003ccode\u003e3a5edfa\u003c/code\u003e\u003c/a\u003e fix(ci): updated github actions ci workflow (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6323\"\u003e#6323\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/52d978119a7af27667cce5d99ac0739dc269d818\"\u003e\u003ccode\u003e52d9781\u003c/code\u003e\u003c/a\u003e fix(test): add test for method routes without paths \u003ca href=\"https://redirect.github.com/expressjs/express/issues/5955\"\u003e#5955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/express/compare/4.17.0...4.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for express since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.0.4 to 3.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9c31b2d4e0af72a6c2d2d62c5dbc2247da669802\"\u003e\u003ccode\u003e9c31b2d\u003c/code\u003e\u003c/a\u003e update test expectations for coalesced consecutive stars\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/46fe687857cf02f6cf45469cc593b97e11b10c96\"\u003e\u003ccode\u003e46fe687\u003c/code\u003e\u003c/a\u003e coalesce consecutive non-globstar * characters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/5a9ccbda64befc5d94b965534dbea2853c92aebd\"\u003e\u003ccode\u003e5a9ccbd\u003c/code\u003e\u003c/a\u003e [meta] update publishConfig.tag to legacy-v3\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tar` from 4.4.10 to 7.5.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/node-tar/releases\"\u003etar's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.13\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-tar/compare/v6.1.12...v6.1.13\"\u003e6.1.13\u003c/a\u003e (2022-12-07)\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/cc4e0ddfe523a0bce383846a67442c637a65d486\"\u003e\u003ccode\u003ecc4e0dd\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/343\"\u003e#343\u003c/a\u003e bump minipass from 3.3.6 to 4.0.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.12\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-tar/compare/v6.1.11...v6.1.12\"\u003e6.1.12\u003c/a\u003e (2022-10-31)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/57493ee66ece50d62114e02914282fc37be3a91a\"\u003e\u003ccode\u003e57493ee\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/332\"\u003e#332\u003c/a\u003e ensuring close event is emited after stream has ended (\u003ca href=\"https://github.com/webark\"\u003e\u003ccode\u003e@​webark\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/b003c64f624332e24e19b30dc011069bb6708680\"\u003e\u003ccode\u003eb003c64\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/314\"\u003e#314\u003c/a\u003e replace deprecated String.prototype.substr() (\u003ca href=\"https://redirect.github.com/isaacs/node-tar/issues/314\"\u003e#314\u003c/a\u003e) (\u003ca href=\"https://github.com/CommanderRoot\"\u003e\u003ccode\u003e@​CommanderRoot\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukekarrys\"\u003e\u003ccode\u003e@​lukekarrys\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/f12992932f171ea248b27fad95e7d489a56d31ed\"\u003e\u003ccode\u003ef129929\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/313\"\u003e#313\u003c/a\u003e remove dead link to benchmarks (\u003ca href=\"https://redirect.github.com/isaacs/node-tar/issues/313\"\u003e#313\u003c/a\u003e) (\u003ca href=\"https://github.com/yetzt\"\u003e\u003ccode\u003e@​yetzt\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/c1faa9f44001dfb0bc7638b2850eb6058bd56a4a\"\u003e\u003ccode\u003ec1faa9f\u003c/code\u003e\u003c/a\u003e add examples/explanation of using tar.t (\u003ca href=\"https://github.com/isaacs\"\u003e\u003ccode\u003e@​isaacs\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md\"\u003etar's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e7.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003ezstd\u003c/code\u003e compression support.\u003c/li\u003e\n\u003cli\u003eConsistent TOCTOU behavior in sync t.list\u003c/li\u003e\n\u003cli\u003eOnly read from ustar block if not specified in Pax\u003c/li\u003e\n\u003cli\u003eFix sync tar.list when file size reduces while reading\u003c/li\u003e\n\u003cli\u003eSanitize absolute linkpaths properly\u003c/li\u003e\n\u003cli\u003ePrevent writing hardlink entries to the archive ahead of their\nfile target\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eonentry\u003c/code\u003e in favor of \u003ccode\u003eonReadEntry\u003c/code\u003e for clarity.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eonWriteEntry\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDRY the command definitions into a single \u003ccode\u003emakeCommand\u003c/code\u003e method,\nand update the type signatures to more appropriately infer the\nreturn type from the options and arguments provided.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate minipass to v7.1.0\u003c/li\u003e\n\u003cli\u003eUpdate the type definitions of \u003ccode\u003ewrite()\u003c/code\u003e and \u003ccode\u003eend()\u003c/code\u003e methods on\n\u003ccode\u003eUnpack\u003c/code\u003e and \u003ccode\u003eParser\u003c/code\u003e classes to be compatible with the\nNodeJS.WritableStream type in the latest versions of\n\u003ccode\u003e@types/node\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for node \u0026lt;18\u003c/li\u003e\n\u003cli\u003eRewrite in TypeScript, provide ESM and CommonJS hybrid\ninterface\u003c/li\u003e\n\u003cli\u003eAdd tree-shake friendly exports, like \u003ccode\u003eimport('tar/create')\u003c/code\u003e\nand \u003ccode\u003eimport('tar/read-entry')\u003c/code\u003e to get individual functions or\nclasses.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003echmod\u003c/code\u003e option that defaults to false, and deprecate\n\u003ccode\u003enoChmod\u003c/code\u003e. That is, reverse the default option regarding\nexplicitly setting file system modes to match tar entry\nsettings.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eprocessUmask\u003c/code\u003e option to avoid having to call\n\u003ccode\u003eprocess.umask()\u003c/code\u003e when \u003ccode\u003echmod: true\u003c/code\u003e (or \u003ccode\u003enoChmod: false\u003c/code\u003e) is\nset.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/bf776f673164215074b62749e0fe80e5834588f4\"\u003e\u003ccode\u003ebf776f6\u003c/code\u003e\u003c/a\u003e 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad\"\u003e\u003ccode\u003ef48b5fa\u003c/code\u003e\u003c/a\u003e prevent escaping symlinks with drive-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/97cff15d3539a37a4095eb3d287147d9d77c2dc3\"\u003e\u003ccode\u003e97cff15\u003c/code\u003e\u003c/a\u003e docs: more security info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1\"\u003e\u003ccode\u003e2b72abc\u003c/code\u003e\u003c/a\u003e 7.5.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f\"\u003e\u003ccode\u003e7bc755d\u003c/code\u003e\u003c/a\u003e parse root off paths before sanitizing .. parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/c8cb84629dee649feedde03f2f4ea48f2e44e778\"\u003e\u003ccode\u003ec8cb846\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/1f0c2c9006b10199cf2686f8ef43e79a1773e1aa\"\u003e\u003ccode\u003e1f0c2c9\u003c/code\u003e\u003c/a\u003e 7.5.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/fbb08518bf290733b68ca4d4135f75becf73fd75\"\u003e\u003ccode\u003efbb0851\u003c/code\u003e\u003c/a\u003e build minified version as default export\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/6b8eba0ef367ac937e703238daa6df94ae6f823f\"\u003e\u003ccode\u003e6b8eba0\u003c/code\u003e\u003c/a\u003e 7.5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384\"\u003e\u003ccode\u003e2cb1120\u003c/code\u003e\u003c/a\u003e fix(unpack): improve UnpackSync symlink error \u0026quot;into\u0026quot; path accuracy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/node-tar/compare/v4.4.10...v7.5.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~isaacs\"\u003eisaacs\u003c/a\u003e, a new releaser for tar since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `devalue` from 2.0.1 to 5.8.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/devalue/releases\"\u003edevalue's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.8.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e206ca67: fix: force sparse arrays to allocate sparsely\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.8.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ec5115b0: feat: add \u003ccode\u003estringifyAsync\u003c/code\u003e for async serialization\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.7.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e8becc7c: fix: handle regexes consistently in uneval's value and reference formats\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.7.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edf2e284: feat: use native alternatives to encode/decode base64\u003c/li\u003e\n\u003cli\u003e498656e: feat: add \u003ccode\u003eDataView\u003c/code\u003e support\u003c/li\u003e\n\u003cli\u003ea210130: feat: whitelist \u003ccode\u003eFloat16Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edf2e284: feat: simplify TypedArray slices\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e5590634: fix: get \u003ccode\u003euneval\u003c/code\u003e type handling up to parity with \u003ccode\u003estringify\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e57f73fc: fix: correctly support boxed bigints and sentinel values\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.4\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: reject \u003ccode\u003e__proto__\u003c/code\u003e keys in malformed \u003ccode\u003eObject\u003c/code\u003e wrapper payloads\u003c/p\u003e\n\u003cp\u003eThis validates the \u003ccode\u003e\u0026quot;Object\u0026quot;\u003c/code\u003e parse path and throws when the wrapped value has an own \u003ccode\u003e__proto__\u003c/code\u003e key.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e40f1db1: fix: ensure sparse array indices are integers\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: disallow \u003ccode\u003e__proto__\u003c/code\u003e keys in null-prototype object parsing\u003c/p\u003e\n\u003cp\u003eThis disallows \u003ccode\u003e__proto__\u003c/code\u003e keys in the \u003ccode\u003e\u0026quot;null\u0026quot;\u003c/code\u003e parse path so null-prototype object hydration cannot carry that key through parse/unflatten.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0f04d4d: fix: Properly handle \u003ccode\u003e__proto__\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e819f1ac: fix: better encoding for sparse arrays\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md\"\u003edevalue's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.8.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e206ca67: fix: force sparse arrays to allocate sparsely\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.8.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ec5115b0: feat: add \u003ccode\u003estringifyAsync\u003c/code\u003e for async serialization\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.7.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e8becc7c: fix: handle regexes consistently in uneval's value and reference formats\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.7.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edf2e284: feat: use native alternatives to encode/decode base64\u003c/li\u003e\n\u003cli\u003e498656e: feat: add \u003ccode\u003eDataView\u003c/code\u003e support\u003c/li\u003e\n\u003cli\u003ea210130: feat: whitelist \u003ccode\u003eFloat16Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edf2e284: feat: simplify TypedArray slices\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e5590634: fix: get \u003ccode\u003euneval\u003c/code\u003e type handling up to parity with \u003ccode\u003estringify\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e57f73fc: fix: correctly support boxed bigints and sentinel values\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.4\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: reject \u003ccode\u003e__proto__\u003c/code\u003e keys in malformed \u003ccode\u003eObject\u003c/code\u003e wrapper payloads\u003c/p\u003e\n\u003cp\u003eThis validates the \u003ccode\u003e\u0026quot;Object\u0026quot;\u003c/code\u003e parse path and throws when the wrapped value has an own \u003ccode\u003e__proto__\u003c/code\u003e key.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e40f1db1: fix: ensure sparse array indices are integers\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: disallow \u003ccode\u003e__proto__\u003c/code\u003e keys in null-prototype object parsing\u003c/p\u003e\n\u003cp\u003eThis disallows \u003ccode\u003e__proto__\u003c/code\u003e keys in the \u003ccode\u003e\u0026quot;null\u0026quot;\u003c/code\u003e parse path so null-prototype object hydration cannot carry that key through parse/unflatten.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0f04d4d: fix: Properly handle \u003ccode\u003e__proto__\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e819f1ac: fix: better encoding for sparse arrays\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/796ea83a76eb7e0f2af376f9c2c875f1d057f50f\"\u003e\u003ccode\u003e796ea83\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/152\"\u003e#152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/206ca6712fbc380a4571c59de9ab04b91110792d\"\u003e\u003ccode\u003e206ca67\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/14933f78ff6b712829162628682b0a1993e75d19\"\u003e\u003ccode\u003e14933f7\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/151\"\u003e#151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/c5115b0074ec298fb4077f6cee5616cefbd13902\"\u003e\u003ccode\u003ec5115b0\u003c/code\u003e\u003c/a\u003e feat: \u003ccode\u003estringifyAsync\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/150\"\u003e#150\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/67dad450b5db18ea9aa3059d334d8b0ee6704d9e\"\u003e\u003ccode\u003e67dad45\u003c/code\u003e\u003c/a\u003e docs: update README to reflect serialization stability non-goal (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/147\"\u003e#147\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/6eb920a7db6fe388f24f640d0e4e874a57f148fb\"\u003e\u003ccode\u003e6eb920a\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/8becc7c436f0d4f85e2e5b32cb49dcfdf4fdec42\"\u003e\u003ccode\u003e8becc7c\u003c/code\u003e\u003c/a\u003e fix: handle regexes consistently in uneval's value and reference formats (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/2eee2e435ea0ea3d495dc7a266486df95a4eb6ed\"\u003e\u003ccode\u003e2eee2e4\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/144\"\u003e#144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/498656e75d36dfc63a386240722bdeac63337b25\"\u003e\u003ccode\u003e498656e\u003c/code\u003e\u003c/a\u003e DataView support (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/5590634db53ed555d3ce2e2024924b30352a6afc\"\u003e\u003ccode\u003e5590634\u003c/code\u003e\u003c/a\u003e Improve platform types support (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/142\"\u003e#142\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sveltejs/devalue/compare/v2.0.1...v5.8.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for devalue since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 8.3.2 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v8.3.2...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.2.3 to 8.20.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an uninitialized memory disclosure issue in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\n(c0327ec1).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding a \u003ccode\u003eTypedArray\u003c/code\u003e (e.g. \u003ccode\u003eFloat32Array\u003c/code\u003e) as the \u003ccode\u003ereason\u003c/code\u003e argument for\n\u003ccode\u003ewebsocket.close()\u003c/code\u003e, rather than the supported string or \u003ccode\u003eBuffer\u003c/code\u003e types, caused\nuninitialized memory to be disclosed to the remote peer.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { deepStrictEqual } from 'node:assert';\r\nimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer(\n{ port: 0, skipUTF8Validation: true },\nfunction () {\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e, {\nskipUTF8Validation: true\n});\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ews.on('close', function (code, reason) {\r\n  deepStrictEqual(reason, Buffer.alloc(80));\r\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e}\n);\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.close(1000, new Float32Array(20));\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe issue was privately reported by \u003ca href=\"https://github.com/ChALkeR\"\u003eNikita Skovoroda\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e8.20.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded exports for the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and utilities for the\n\u003ccode\u003eSec-WebSocket-Extensions\u003c/code\u003e and \u003ccode\u003eSec-WebSocket-Protocol\u003c/code\u003e headers (d3503c1f).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.19.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003ecloseTimeout\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/websockets/ws/issues/2308\"\u003e#2308\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eHandled a forthcoming breaking change in Node.js core (19984854).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/843925544e2f4cffe445e0179947f56d6c5b608f\"\u003e\u003ccode\u003e8439255\u003c/code\u003e\u003c/a\u003e [dist] 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/d3503c1fd36a310985108f62b343bae18346ab67\"\u003e\u003ccode\u003ed3503c1\u003c/code\u003e\u003c/a\u003e [minor] Export the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and header utils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/3ee5349a0b1580f6e1f347b59ec3371011bd8481\"\u003e\u003ccode\u003e3ee5349\u003c/code\u003e\u003c/a\u003e [api] Convert the \u003ccode\u003eisServer\u003c/code\u003e and \u003ccode\u003emaxPayload\u003c/code\u003e parameters to options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/91707b470ebd803aaa3fd1e896217740f39267d4\"\u003e\u003ccode\u003e91707b4\u003c/code\u003e\u003c/a\u003e [doc] Add missing space\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/8b553192268810a83253e2a4a39ac16768e75bb3\"\u003e\u003ccode\u003e8b55319\u003c/code\u003e\u003c/a\u003e [pkg] Update eslint to version 10.0.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/websockets/ws/compare/8.2.3...8.20.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.12.1 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/cd24cc07ef6558b7f6510f9177f6393c91b0549f\"\u003e\u003ccode\u003ecd24cc0\u003c/code\u003e\u003c/a\u003e chore: Update TS 5.7 (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17053\"\u003e#17053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bn.js` from 4.11.9 to 4.12.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/39fe4389c773327ed15f29f77f8b7dbbff4beb4c\"\u003e\u003ccode\u003e39fe438\u003c/code\u003e\u003c/a\u003e 4.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/67ecb35dabaf252001b649c12d69c4b57deac6f6\"\u003e\u003ccode\u003e67ecb35\u003c/code\u003e\u003c/a\u003e backport(4.x): fix imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/c4098bac2470418f8e0f6bf11fe0cb676a2b9047\"\u003e\u003ccode\u003ec4098ba\u003c/code\u003e\u003c/a\u003e 4.12.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/6277fd705e51edae1c404c65f03ba2e512706945\"\u003e\u003ccode\u003e6277fd7\u003c/code\u003e\u003c/a\u003e backport(4.x): Fix imuln/muln with zero (backport of \u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/ac0d4afaae91701815b9edc19789e44e7690d688\"\u003e\u003ccode\u003eac0d4af\u003c/code\u003e\u003c/a\u003e 4.12.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/a5f14b43ec61bc7cafc6de2e7444913b9f581b00\"\u003e\u003ccode\u003ea5f14b4\u003c/code\u003e\u003c/a\u003e Fix serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/309\"\u003e#309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/0cd2661b9d08512263c940662586042ef8aaccc6\"\u003e\u003ccode\u003e0cd2661\u003c/code\u003e\u003c/a\u003e Remove package-lock.json added by npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/84ae31344a557abb78ddabe3bac923b7503e4fb5\"\u003e\u003ccode\u003e84ae313\u003c/code\u003e\u003c/a\u003e 4.12.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/967ed0a50a9400bbbd83b450550cf37f7fa178b9\"\u003e\u003ccode\u003e967ed0a\u003c/code\u003e\u003c/a\u003e fix: Buffer not using global in browser (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/260\"\u003e#260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/61962320d7907a1a4d03a665782cb2733160c907\"\u003e\u003ccode\u003e6196232\u003c/code\u003e\u003c/a\u003e Fix LE constructor for HEX (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/indutny/bn.js/compare/v4.11.9...v4.12.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cipher-base` from 1.0.4 to 1.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md\"\u003ecipher-base's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.6...v1.0.7\"\u003ev1.0.7\u003c/a\u003e - 2025-09-24\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003eto-buffer\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/fd1e5eeafccbc8eaa827ee6b9b60c14608aa784f\"\u003e\u003ccode\u003efd1e5ee\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/08ba8034223a53d300b7dccf33d8f14e52379a34\"\u003e\u003ccode\u003e08ba803\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.5...v1.0.6\"\u003ev1.0.6\u003c/a\u003e - 2024-11-26\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] io.js 3.0 - Node.js 5.3 typed array support \u003ca href=\"https://github.com/browserify/cipher-base/commit/b7ddd2ac24e65cc47befc1e0eb5026422f8ab037\"\u003e\u003ccode\u003eb7ddd2a\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.4...v1.0.5\"\u003ev1.0.5\u003c/a\u003e - 2024-11-17\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Tests] standard -\u0026gt; eslint, make test dir, etc \u003ca href=\"https://github.com/browserify/cipher-base/commit/ae02fd6624c41ac4ac18077be797111d1955bc76\"\u003e\u003ccode\u003eae02fd6\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] migrate from travis to GHA \u003ca href=\"https://github.com/browserify/cipher-base/commit/66387d71461287ad9067bb1bcbfdc47403a33ee7\"\u003e\u003ccode\u003e66387d7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix package.json indentation \u003ca href=\"https://github.com/browserify/cipher-base/commit/5c02918ac58c875ed36913c2dc3e1043f4d1c99c\"\u003e\u003ccode\u003e5c02918\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] return valid values on multi-byte-wide TypedArray input \u003ca href=\"https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294\"\u003e\u003ccode\u003e8fd1364\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/88dc806806d3dc41444dbf639c87c00f82c949b3\"\u003e\u003ccode\u003e88dc806\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003enpmignore\u003c/code\u003e and \u003ccode\u003esafe-publish-latest\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/7a137d749ce7ea7ea56b9c096844b1b8ab723f61\"\u003e\u003ccode\u003e7a137d7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly apps should have lockfiles \u003ca href=\"https://github.com/browserify/cipher-base/commit/42528f291db16bf2e7d5f831ebe2ad87fd0b1f42\"\u003e\u003ccode\u003e42528f2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003einherits\u003c/code\u003e, \u003ccode\u003esafe-buffer\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/0e7a2d9a33a391e82fa9cf512d6e25cc91ab8613\"\u003e\u003ccode\u003e0e7a2d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add missing \u003ccode\u003eengines.node\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/f2dc13e47bbcf3c873db9a9e0f83e5f29d0783fe\"\u003e\u003ccode\u003ef2dc13e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/00567180c846dd3db3848c9223991c58a0d5490c\"\u003e\u003ccode\u003e0056718\u003c/code\u003e\u003c/a\u003e v1.0.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/fd1e5eeafccbc8eaa827ee6b9b60c14608aa784f\"\u003e\u003ccode\u003efd1e5ee\u003c/code\u003e\u003c/a\u003e [Refactor] use \u003ccode\u003eto-buffer\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/08ba8034223a53d300b7dccf33d8f14e52379a34\"\u003e\u003ccode\u003e08ba803\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/f5249f94611506ef35a8be4d48a3fc5ecf1fac63\"\u003e\u003ccode\u003ef5249f9\u003c/code\u003e\u003c/a\u003e v1.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/b7ddd2ac24e65cc47befc1e0eb5026422f8ab037\"\u003e\u003ccode\u003eb7ddd2a\u003c/code\u003e\u003c/a\u003e [Fix] io.js 3.0 - Node.js 5.3 typed array support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/f03cebfdad1cba1d56614c58affa303b0fa2a43e\"\u003e\u003ccode\u003ef03cebf\u003c/code\u003e\u003c/a\u003e v1.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/88dc806806d3dc41444dbf639c87c00f82c949b3\"\u003e\u003ccode\u003e88dc806\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/7a137d749ce7ea7ea56b9c096844b1b8ab723f61\"\u003e\u003ccode\u003e7a137d7\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003enpmignore\u003c/code\u003e and \u003ccode\u003esafe-publish-latest\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/5c02918ac58c875ed36913c2dc3e1043f4d1c99c\"\u003e\u003ccode\u003e5c02918\u003c/code\u003e\u003c/a\u003e [meta] fix package.json indentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294\"\u003e\u003ccode\u003e8fd1364\u003c/code\u003e\u003c/a\u003e [Fix] return valid values on multi-byte-wide TypedArray input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/crypto-browserify/cipher-base/compare/v1.0.4...v1.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ljharb\"\u003eljharb\u003c/a\u003e, a new releaser for cipher-base since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.1.1 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.1.1...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.9.0 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.9.0...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.6 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776\"\u003e#1776\u003c/a\u003e) - 2954e7e\u003c/li\u003e\n\u003cli\u003eFix compiling of each block params in strict mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855\"\u003e#1855\u003c/a\u003e) - 30dbf04\u003c/li\u003e\n\u003cli\u003eFix rollup warning when importing Handlebars as ESM - 03d387b\u003c/li\u003e\n\u003cli\u003eFix bundler issue with webpack 5 (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862\"\u003e#1862\u003c/a\u003e) - c6c6bbb\u003c/li\u003e\n\u003cli\u003eUse https instead of git for mustache submodule - 88ac068\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.8\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8 - July 27th, 2023\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776\"\u003e#1776\u003c/a\u003e) - 2954e7e\u003c/li\u003e\n\u003cli\u003eFix compiling of each block params in strict mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855\"\u003e#1855\u003c/a\u003e) - 30dbf04\u003c/li\u003e\n\u003cli\u003eFix rollup warning when importing Handlebars as ESM - 03d387b\u003c/li\u003e\n\u003cli\u003eFix bundler issue with webpack 5 (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862\"\u003e#1862\u003c/a\u003e) - c6c6bbb\u003c/li\u003e\n...\n\n_Description has been truncated_","html_url":"https://github.com/jcstein/next.js/pull/19","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jcstein%2Fnext.js/issues/19","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/19/packages"}},{"old_version":"4.0.0","new_version":"4.0.1","update_type":"patch","path":null,"pr_created_at":"2026-05-23T09:51:47.000Z","version_change":"4.0.0 → 4.0.1","issue":{"uuid":"4507692225","node_id":"PR_kwDOPFeS3s7emKqp","number":25,"state":"open","title":"build(deps): bump the npm_and_yarn group across 3 directories with 21 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-23T09:51:47.000Z","updated_at":"2026-05-23T09:52:16.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"npm_and_yarn","update_count":21,"packages":[{"name":"glob","old_version":"10.4.5","new_version":"10.5.0","repository_url":"https://github.com/isaacs/node-glob"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"diff","old_version":"7.0.0","new_version":"9.0.0","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"@modelcontextprotocol/sdk","old_version":"1.15.1","new_version":"1.29.0","repository_url":"https://github.com/modelcontextprotocol/typescript-sdk"},{"name":"@opentelemetry/sdk-node","old_version":"0.52.1","new_version":"0.218.0","repository_url":"https://github.com/open-telemetry/opentelemetry-js"},{"name":"ajv","old_version":"8.17.1","new_version":"8.18.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"simple-git","old_version":"3.28.0","new_version":"3.36.0","repository_url":"https://github.com/steveukx/git-js"},{"name":"undici","old_version":"7.10.0","new_version":"7.25.0","repository_url":"https://github.com/nodejs/undici"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"js-yaml","old_version":"4.1.0","new_version":"4.1.1","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jws","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"path-to-regexp","old_version":"8.2.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"picomatch","old_version":"4.0.2","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"4.44.0","new_version":"4.60.4","repository_url":"https://github.com/rollup/rollup"},{"name":"vite","old_version":"7.0.0","new_version":"7.3.3","repository_url":"https://github.com/vitejs/vite"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 18 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [glob](https://github.com/isaacs/node-glob) | `10.4.5` | `10.5.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [diff](https://github.com/kpdecker/jsdiff) | `7.0.0` | `9.0.0` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.15.1` | `1.29.0` |\n| [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js) | `0.52.1` | `0.218.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.18.0` |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.36.0` |\n| [undici](https://github.com/nodejs/undici) | `7.10.0` | `7.25.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.2.0` | `8.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.2` | `4.0.4` |\n| [rollup](https://github.com/rollup/rollup) | `4.44.0` | `4.60.4` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.0.0` | `7.3.3` |\n\nBumps the npm_and_yarn group with 10 updates in the /packages/core directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [glob](https://github.com/isaacs/node-glob) | `10.4.5` | `12.0.0` |\n| [diff](https://github.com/kpdecker/jsdiff) | `7.0.0` | `8.0.3` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.12.3` | `1.29.0` |\n| [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js) | `0.52.1` | `0.217.0` |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.36.0` |\n| [undici](https://github.com/nodejs/undici) | `7.10.0` | `7.24.0` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.3` | `7.6.1` |\n| [rollup](https://github.com/rollup/rollup) | `4.43.0` | `4.60.4` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.3.5` | `7.3.3` |\n\nBumps the npm_and_yarn group with 8 updates in the /packages/vscode-ide-companion directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.15.1` | `1.26.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.2` | `2.1.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.2.0` | `8.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\n\nUpdates `glob` from 10.4.5 to 10.5.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-glob/commit/56774ef73b495eb0b17cdd0f42921f5ef62297c1\"\u003e\u003ccode\u003e56774ef\u003c/code\u003e\u003c/a\u003e 10.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f\"\u003e\u003ccode\u003e1e4e297\u003c/code\u003e\u003c/a\u003e bin: Do not expose filenames to shell expansion\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/isaacs/node-glob/compare/v10.4.5...v10.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `diff` from 7.0.0 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.0\u003c/h2\u003e\n\u003cp\u003e(All changes part of PR \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/672\"\u003e#672\u003c/a\u003e.)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eES5 support is dropped\u003c/strong\u003e. \u003ccode\u003eparsePatch\u003c/code\u003e now uses \u003ccode\u003eTextDecoder\u003c/code\u003e and \u003ccode\u003eUint8Array\u003c/code\u003e, which are not available in ES5, and TypeScript is now compiled with the \u0026quot;es6\u0026quot; \u003ccode\u003etarget\u003c/code\u003e. From now on, I intend to freely use any features that are deemed \u0026quot;Widely available\u0026quot; by \u003ca href=\"https://web.dev/baseline\"\u003eBaseline\u003c/a\u003e. Users who need ES5 support should stick to version 8.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eC-style quoted strings in filename headers are now properly supported\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eWhen the name of either the old or new file in a patch contains \u0026quot;special characters\u0026quot;, both GNU \u003ccode\u003ediff\u003c/code\u003e and Git quote the filename in the patch's headers and escape special characters using the same escape sequences that are used in string literals in C, including octal escapes for all non-ASCII characters. Previously, jsdiff had very little support for this; \u003ccode\u003eparsePatch\u003c/code\u003e would remove the quotes, and unescape any escaped backslashes, but would not unescape other escape sequences. \u003ccode\u003eformatPatch\u003c/code\u003e, meanwhile, did not quote or escape special characters at all.\u003c/p\u003e\n\u003cp\u003eNow, \u003ccode\u003eparsePatch\u003c/code\u003e parses all the possible escape sequences that GNU diff (or Git) ever output, and \u003ccode\u003eformatPatch\u003c/code\u003e quotes and escapes filenames containing special characters in the same way GNU diff does.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now omits file headers when \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e in the provided patch object are \u003ccode\u003eundefined\u003c/code\u003e\u003c/strong\u003e, regardless of the \u003ccode\u003eheaderOptions\u003c/code\u003e parameter. (Previously, it would treat the absence of \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e as indicating the filename was the word \u0026quot;undefined\u0026quot; and emit headers \u003ccode\u003e--- undefined\u003c/code\u003e / \u003ccode\u003e+++ undefined\u003c/code\u003e.)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer outputs trailing tab characters at the end of \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e headers.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePreviously, if \u003ccode\u003eformatPatch\u003c/code\u003e was passed a patch object to serialize that had empty strings for the \u003ccode\u003eoldHeader\u003c/code\u003e or \u003ccode\u003enewHeader\u003c/code\u003e property, it would include a trailing tab character after the filename in the \u003ccode\u003e---\u003c/code\u003e and/or \u003ccode\u003e+++\u003c/code\u003e file header. Now, this scenario is treated the same as when \u003ccode\u003eoldHeader\u003c/code\u003e/\u003ccode\u003enewHeader\u003c/code\u003e is \u003ccode\u003eundefined\u003c/code\u003e - i.e. the trailing tab is omitted.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer mutates its input\u003c/strong\u003e when serializing a patch containing a hunk where either the old or new content contained zero lines. (Such a hunk occurs only when the hunk has no context lines and represents a pure insertion or pure deletion, which for instance will occur whenever one of the two files being diffed is completely empty.) Previously \u003ccode\u003eformatPatch\u003c/code\u003e would provide the correct output but also mutate the \u003ccode\u003eoldLines\u003c/code\u003e or \u003ccode\u003enewLines\u003c/code\u003e property on the hunk, changing the meaning of the underlying patch.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eGit-style patches are now supported by \u003ccode\u003eparsePatch\u003c/code\u003e, \u003ccode\u003eformatPatch\u003c/code\u003e, and \u003ccode\u003ereversePatch\u003c/code\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003ePatches output by \u003ccode\u003egit diff\u003c/code\u003e can include some features that are unlike those output by GNU \u003ccode\u003ediff\u003c/code\u003e, and therefore not handled by an ordinary unified diff format parser. An ordinary diff simply describes the differences between the \u003cem\u003econtent\u003c/em\u003e of two files, but Git diffs can also indicate, via \u0026quot;extended headers\u0026quot;, the creation or deletion of (potentially empty) files, indicate that a file was renamed, and contain information about file mode changes. Furthermore, when these changes appear in a diff in the absence of a content change (e.g. when an empty file is created, or a file is renamed without content changes), the patch will contain no associated \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e file headers nor any hunks.\u003c/p\u003e\n\u003cp\u003ejsdiff previously did not support parsing Git's extended headers, nor hunkless patches. Now \u003ccode\u003eparsePatch\u003c/code\u003e parses some of the extended headers, parses hunkless Git patches, and can determine filenames (e.g. from the extended headers) when parsing a patch that includes no \u003ccode\u003e---\u003c/code\u003e or \u003ccode\u003e+++\u003c/code\u003e file headers. The additional information conveyed by the extended headers we support is recorded on new fields on the result object returned by \u003ccode\u003eparsePatch\u003c/code\u003e. See \u003ccode\u003eisGit\u003c/code\u003e and subsequent properties in the docs in the README.md file.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now outputs extended headers based on these new Git-specific properties, and \u003ccode\u003ereversePatch\u003c/code\u003e respects them as far as possible (with one unavoidable caveat noted in the README.md file).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eUnpaired file headers now cause \u003ccode\u003eparsePatch\u003c/code\u003e to throw\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eIt remains acceptable to have a patch with no file headers whatsoever (e.g. one that begins with a \u003ccode\u003e@@\u003c/code\u003e hunk header on the very first line), but a patch with \u003cem\u003eonly\u003c/em\u003e a \u003ccode\u003e---\u003c/code\u003e header or only a \u003ccode\u003e+++\u003c/code\u003e header is now considered an error.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eparsePatch\u003c/code\u003e is now more tolerant of \u0026quot;trailing garbage\u0026quot;\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThat is: after a patch, or between files/indexes in a patch, it is now acceptable to have arbitrary lines of \u0026quot;garbage\u0026quot; (so long as they unambiguously have no syntactic meaning - e.g. trailing garbage that leads with a \u003ccode\u003e+\u003c/code\u003e, \u003ccode\u003e-\u003c/code\u003e, or \u003ccode\u003e \u003c/code\u003e and thus is interpretable as part of a hunk still triggers a throw).\u003c/p\u003e\n\u003cp\u003eThis means we no longer reject patches output by tools that include extra data in \u0026quot;garbage\u0026quot; lines not understood by generic unified diff parsers. (For example, SVN patches can include \u0026quot;Property changes on:\u0026quot; lines that generic unified diff parsers should discard as garbage; jsdiff previously threw errors when encountering them.)\u003c/p\u003e\n\u003cp\u003eThis change brings jsdiff's behaviour more in line with GNU \u003ccode\u003epatch\u003c/code\u003e, which is highly permissive of \u0026quot;garbage\u0026quot;.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThe \u003ccode\u003eoldFileName\u003c/code\u003e and \u003ccode\u003enewFileName\u003c/code\u003e fields of \u003ccode\u003eStructuredPatch\u003c/code\u003e are now typed as \u003ccode\u003estring | undefined\u003c/code\u003e instead of \u003ccode\u003estring\u003c/code\u003e\u003c/strong\u003e. This type change reflects the (pre-existing) reality that \u003ccode\u003eparsePatch\u003c/code\u003e can produce patches without filenames (e.g. when parsing a patch that simply contains hunks with no file headers).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/667\"\u003e#667\u003c/a\u003e - \u003cstrong\u003efix another bug in \u003ccode\u003ediffWords\u003c/code\u003e when used with an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e\u003c/strong\u003e. If the text to be diffed included a combining mark after a whitespace character (i.e. roughly speaking, an accented space), \u003ccode\u003ediffWords\u003c/code\u003e would previously crash. Now this case is handled correctly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/631\"\u003e#631\u003c/a\u003e - \u003cstrong\u003efix support for using an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e with \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e. This has been almost completely broken since the feature was added in v6.0.0, since it would outright crash on any text that featured two consecutive newlines between a pair of words (a very common case).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/635\"\u003e#635\u003c/a\u003e - \u003cstrong\u003esmall tweaks to tokenization behaviour of \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e when used \u003cem\u003ewithout\u003c/em\u003e an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e. Specifically, the soft hyphen (U+00AD) is no longer considered to be a word break, and the multiplication and division signs (\u003ccode\u003e×\u003c/code\u003e and \u003ccode\u003e÷\u003c/code\u003e) are now treated as punctuation instead of as letters / word characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/ed13aca03aa25735fafc0645d1185e7a1c68fd8c\"\u003e\u003ccode\u003eed13aca\u003c/code\u003e\u003c/a\u003e Update version in package.json and in release notes (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/683\"\u003e#683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/7a49317b503a932b88fc72ad9c57a481df038e24\"\u003e\u003ccode\u003e7a49317\u003c/code\u003e\u003c/a\u003e Bump dependencies again (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/682\"\u003e#682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/afe5aecad189c9f5941ad3feb3c94c46b32ecb0a\"\u003e\u003ccode\u003eafe5aec\u003c/code\u003e\u003c/a\u003e Add Git support, and otherwise variously improve \u0026amp; fix parsePatch (and other ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/2e46779d8866ce7da1303a03db33ed038590c6f6\"\u003e\u003ccode\u003e2e46779\u003c/code\u003e\u003c/a\u003e Fix a typo (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/679\"\u003e#679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/dd2f99497703a1540b2ae406b51c49b74b5fc1a1\"\u003e\u003ccode\u003edd2f994\u003c/code\u003e\u003c/a\u003e 8.0.4 release (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/678\"\u003e#678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/3cc438434db53c5d1c40412b727ea7650f6f145a\"\u003e\u003ccode\u003e3cc4384\u003c/code\u003e\u003c/a\u003e Update docs on releasing to reflect migration to yarn berry (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/6fc2aa6b7672af08774b50aae00d97b99c5b5715\"\u003e\u003ccode\u003e6fc2aa6\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/af7393ac3404565dc8da655c2e7aeeed28c01ff7\"\u003e\u003ccode\u003eaf7393a\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4b5d1800370bf29b61a3378fb8086aeb231d3ef7\"\u003e\u003ccode\u003e4b5d180\u003c/code\u003e\u003c/a\u003e Fix another bug in diffWords's \u0026quot;intlSegmenter\u0026quot; mode (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/10da50c466709e7bd4b192dac96af0af46f8b7bd\"\u003e\u003ccode\u003e10da50c\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/666\"\u003e#666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/7.0.0...v9.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@modelcontextprotocol/sdk` from 1.15.1 to 1.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"\u003e@​modelcontextprotocol/sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.29.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1749\"\u003emodelcontextprotocol/typescript-sdk#1749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: disallow null (infinite) requested TTL by \u003ca href=\"https://github.com/LucaButBoring\"\u003e\u003ccode\u003e@​LucaButBoring\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1339\"\u003emodelcontextprotocol/typescript-sdk#1339\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: add missing size field to ResourceSchema by \u003ca href=\"https://github.com/olaservo\"\u003e\u003ccode\u003e@​olaservo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1575\"\u003emodelcontextprotocol/typescript-sdk#1575\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd typings exports by \u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x npm audit fix by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1780\"\u003emodelcontextprotocol/typescript-sdk#1780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1773\"\u003emodelcontextprotocol/typescript-sdk#1773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Allow servers / clients to advertise extensions in the capability object by \u003ca href=\"https://github.com/localden\"\u003e\u003ccode\u003e@​localden\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1811\"\u003emodelcontextprotocol/typescript-sdk#1811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(stdio): always set windowsHide on Windows, not just in Electron by \u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.29.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1820\"\u003emodelcontextprotocol/typescript-sdk#1820\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.28.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: use scopes_supported from resource metadata by default (fixes \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/580\"\u003e#580\u003c/a\u003e) by \u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1611\"\u003emodelcontextprotocol/typescript-sdk#1611\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: reject plain JSON Schema objects passed as inputSchema by \u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: clear _timeoutInfo in _onclose() and scope .finally() abort controller cleanup by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1462\"\u003emodelcontextprotocol/typescript-sdk#1462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(server/auth): RFC 8252 loopback port relaxation by \u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.28.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1746\"\u003emodelcontextprotocol/typescript-sdk#1746\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: implement auth/pre-registration conformance scenario by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1545\"\u003emodelcontextprotocol/typescript-sdk#1545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add governance documentation for SEP-1730 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1547\"\u003emodelcontextprotocol/typescript-sdk#1547\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: comprehensive feature documentation for SEP-1730 Tier 1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1548\"\u003emodelcontextprotocol/typescript-sdk#1548\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent command injection in example URL opening (v1.x backport) by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1579\"\u003emodelcontextprotocol/typescript-sdk#1579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: call onerror for silently swallowed transport errors by \u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.27.1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1581\"\u003emodelcontextprotocol/typescript-sdk#1581\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/e12cbd7078db388152f6e839abdbe09ba01f3f32\"\u003e\u003ccode\u003ee12cbd7\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.29.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/3913fd4443a86536155e3ebef9edd2045c372c1e\"\u003e\u003ccode\u003e3913fd4\u003c/code\u003e\u003c/a\u003e fix(stdio): always set windowsHide on Windows, not just in Electron (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1640\"\u003e#1640\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/5608e78dd0d4ca6cd7dd03278419578f1780365a\"\u003e\u003ccode\u003e5608e78\u003c/code\u003e\u003c/a\u003e [v1.x backport] Allow servers / clients to advertise extensions in the capabi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/7213816788e634ffb9d09affe50f0295093bfb73\"\u003e\u003ccode\u003e7213816\u003c/code\u003e\u003c/a\u003e v1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1773\"\u003e#1773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/364f38ca2d8895aed7c37b7a0a1031bb7ae4841c\"\u003e\u003ccode\u003e364f38c\u003c/code\u003e\u003c/a\u003e v1.x npm audit fix (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/c95cc0943b045517e4cc414baf1f168b216c3142\"\u003e\u003ccode\u003ec95cc09\u003c/code\u003e\u003c/a\u003e Add typings exports (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/ddadaa6cc633fb5db0c094bf031b15b68a357820\"\u003e\u003ccode\u003eddadaa6\u003c/code\u003e\u003c/a\u003e [v1.x] fix: add missing size field to ResourceSchema (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/2a158513028d9f862c4188b6957e78cd5663f26b\"\u003e\u003ccode\u003e2a15851\u003c/code\u003e\u003c/a\u003e [v1.x] fix: disallow null (infinite) requested TTL (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1339\"\u003e#1339\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/13e30f1d36de8442417fec695983bdb155c00768\"\u003e\u003ccode\u003e13e30f1\u003c/code\u003e\u003c/a\u003e fix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1749\"\u003e#1749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0565695218544fc53e99bf5b544a887d373cefa\"\u003e\u003ccode\u003ea056569\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.28.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1746\"\u003e#1746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.15.1...v1.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~pcarleton\"\u003epcarleton\u003c/a\u003e, a new releaser for \u003ccode\u003e@​modelcontextprotocol/sdk\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@opentelemetry/sdk-node` from 0.52.1 to 0.218.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/releases\"\u003e@​opentelemetry/sdk-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eexperimental/v0.218.0\u003c/h2\u003e\n\u003ch2\u003e0.218.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs metrics serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6629\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): show all config validation errors, if there are multiple \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6683\"\u003e#6683\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): allow startNodeSDK() without an arg \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6688\"\u003e#6688\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6691\"\u003e#6691\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(sdk-logs): use \u003ccode\u003eLogger.enabled()\u003c/code\u003e within \u003ccode\u003eLogger.emit()\u003c/code\u003e implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6680\"\u003e#6680\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.217.0\u003c/h2\u003e\n\u003ch2\u003e0.217.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs trace serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6625\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using \u003ccode\u003ejson-schema-to-typescript\u003c/code\u003e and \u003ccode\u003eajv\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6533\"\u003e#6533\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration, sdk-node): \u003ccode\u003estartNodeSDK()\u003c/code\u003e code path now uses \u003ccode\u003elog_level\u003c/code\u003e configuration to setup a DiagConsoleLogger \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6668\"\u003e#6668\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eNote that allowed values for \u003ccode\u003elog_level\u003c/code\u003e in a configuration YAML file are \u003cem\u003enot\u003c/em\u003e the same set as for \u003ccode\u003eOTEL_LOG_LEVEL\u003c/code\u003e. Use \u003ccode\u003elog_level: trace\u003c/code\u003e to see \u003cem\u003eall\u003c/em\u003e logs (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=ALL\u003c/code\u003e). Use \u003ccode\u003elog_level: fatal\u003c/code\u003e to effectively disable the SDK's internal diagnostic logger (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=NONE\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eIf \u003ccode\u003elog_level\u003c/code\u003e is not specified, a diagnostic console logger at \u0026quot;info\u0026quot; level will be setup.\u003c/li\u003e\n\u003cli\u003eAn invalid YAML config file will now result in a noop OTel SDK.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(configuration): do not validate \u003ccode\u003eOTEL_CONFIG_FILE\u003c/code\u003e value before using it for file config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6643\"\u003e#6643\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6650\"\u003e#6650\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6657\"\u003e#6657\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve handling of enums in generated types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6659\"\u003e#6659\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve the technique for removing '| null' on types the JSON Schema \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6662\"\u003e#6662\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sampler-jaeger-remote): add missing axios dep \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6656\"\u003e#6656\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6674\"\u003e#6674\u003c/a\u003e \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.216.0\u003c/h2\u003e\n\u003ch2\u003e0.216.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sdk-node): wire attribute_keys from declarative configuration to ViewOptions.attributesProcessors \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6427\"\u003e#6427\u003c/a\u003e \u003ca href=\"https://github.com/ravitheja4531-cell\"\u003e\u003ccode\u003e@​ravitheja4531-cell\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): set TracerProvider in startNodeSDK() \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6607\"\u003e#6607\u003c/a\u003e \u003ca href=\"https://github.com/maryliag\"\u003e\u003ccode\u003e@​maryliag\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(instrumentation-xml-http-request): avoid unwrapping \u003ccode\u003eXMLHttpRequest\u003c/code\u003e API when disabling \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6611\"\u003e#6611\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(instrumentation-fetch): tolerate non-writable \u003ccode\u003eglobalThis.fetch\u003c/code\u003e and fix premature \u003ccode\u003e_isEnabled\u003c/code\u003e / \u003ccode\u003e_isFetchPatched\u003c/code\u003e flips in \u003ccode\u003eenable()\u003c/code\u003e \u003ca href=\"https://github.com/brunorodmoreira\"\u003e\u003ccode\u003e@​brunorodmoreira\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/06ad0eaaecbd49f5ead871325f852cc2a3454079\"\u003e\u003ccode\u003e06ad0ea\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6703\"\u003e#6703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/38ca257e64ebd13f5603d5539f8a48d6d9232037\"\u003e\u003ccode\u003e38ca257\u003c/code\u003e\u003c/a\u003e feat(otlp-transformer): replace protobufjs metrics serialization with custom ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/013c60085b84351a4c1e4e4f79e3dd67c56661cd\"\u003e\u003ccode\u003e013c600\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6699\"\u003e#6699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/b7a0c63bde39d7916fdb73cbb3d64cf1c93282c5\"\u003e\u003ccode\u003eb7a0c63\u003c/code\u003e\u003c/a\u003e feat(semantic-conventions): update semantic conventions to v1.41.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6695\"\u003e#6695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/774143b2c6667c6537c000ab48ea5ce998278ca0\"\u003e\u003ccode\u003e774143b\u003c/code\u003e\u003c/a\u003e chore(renovate): add minimumReleaseAge to config (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6697\"\u003e#6697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/e0dafe0d9fadaccf7dd8d7b02dd85531356e2ac1\"\u003e\u003ccode\u003ee0dafe0\u003c/code\u003e\u003c/a\u003e fix(otlp-exporter-base): remove brackets from IPv6 hostname in HTTP transport...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/f804c93d1d6d903036b8bf38f8c3713dbbaf0360\"\u003e\u003ccode\u003ef804c93\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action digest to 68bde55 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6682\"\u003e#6682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/95e48e7afcc475ded350b95b43070c54591ecbbb\"\u003e\u003ccode\u003e95e48e7\u003c/code\u003e\u003c/a\u003e refactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/907b627d9ada25844b0f06551ecd9bbda5c0ea4f\"\u003e\u003ccode\u003e907b627\u003c/code\u003e\u003c/a\u003e feat(sdk-node): allow startNodeSDK() without an arg (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6688\"\u003e#6688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/0d1526198fafe7f90078ff353103d0427e6c64d4\"\u003e\u003ccode\u003e0d15261\u003c/code\u003e\u003c/a\u003e docs: Add SIG meeting info and welcoming language (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6689\"\u003e#6689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.52.1...experimental/v0.218.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​opentelemetry/sdk-node\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.17.1 to 8.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/f06766f33ed7291f84c19f22a1286a34475fbdaf\"\u003e\u003ccode\u003ef06766f\u003c/code\u003e\u003c/a\u003e feat: allow tree-shaking by adding ``\u0026quot;sideEffects\u0026quot;: false\u003ccode\u003eto\u003c/code\u003epackage.json` ...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `simple-git` from 3.28.0 to 3.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/releases\"\u003esimple-git's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esimple-git@3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.33.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea263635: Use \u003ccode\u003epathspec\u003c/code\u003e wrappers for remote and local paths when running either \u003ccode\u003egit.clone\u003c/code\u003e or \u003ccode\u003egit.mirror\u003c/code\u003e to\navoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ee253a0d: Enhanced \u003ccode\u003egit -c\u003c/code\u003e checks in \u003ccode\u003eunsafe\u003c/code\u003e plugin.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/JohannesLks\"\u003e\u003ccode\u003e@​JohannesLks\u003c/code\u003e\u003c/a\u003e for identifying the issue\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.32.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ef704208: Enhanced \u003ccode\u003eprotocol.allow\u003c/code\u003e checks in \u003ccode\u003eallowUnsafeExtProtocol\u003c/code\u003e handling.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md\"\u003esimple-git's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e3d8708b: Updating publish config\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [3d8708b]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.34.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/7dc1a532a9ec92fb08c93202954be73175b07d83\"\u003e\u003ccode\u003e7dc1a53\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/76f5376bd418cb8baf5ec32757af442d47128e22\"\u003e\u003ccode\u003e76f5376\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1061\"\u003e#1061\u003c/a\u003e from Vinzent03/fix/buffer-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/89a2294febed5dfe737c4c735d936bb6018746a8\"\u003e\u003ccode\u003e89a2294\u003c/code\u003e\u003c/a\u003e Environment Parsing (\u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1156\"\u003e#1156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/1b91b762f047777ca6686f34ac3f7b8a543a4780\"\u003e\u003ccode\u003e1b91b76\u003c/code\u003e\u003c/a\u003e fix: remove explicit node:buffer import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/e390685960a3461875dce89d87ab80e3143d79fe\"\u003e\u003ccode\u003ee390685\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/3c9e4b8309667d0cb4102cda770f92075fc781dd\"\u003e\u003ccode\u003e3c9e4b8\u003c/code\u003e\u003c/a\u003e Pin version of \u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/94ee21fd5a2a6182fbf0f218a5efca2057b567cd\"\u003e\u003ccode\u003e94ee21f\u003c/code\u003e\u003c/a\u003e Export \u003ccode\u003epathspec\u003c/code\u003e types through \u003ccode\u003esimple-git\u003c/code\u003e for backward compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/6d7cb5174273aa33d131172d3770cb386e795171\"\u003e\u003ccode\u003e6d7cb51\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/0de400e7b014a48113acf673b3409a95b9c87a15\"\u003e\u003ccode\u003e0de400e\u003c/code\u003e\u003c/a\u003e Switch to semver from workspace revisions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/2264722abcb637042dd4cc50d903d69e4ee14b38\"\u003e\u003ccode\u003e2264722\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/steveukx/git-js/commits/simple-git@3.36.0/simple-git\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for simple-git since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.10.0 to 7.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport 401 stream-backed body fix to v7.x by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5006\"\u003enodejs/undici#5006\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update broken links in file \u0026quot;Dispatcher.md\u0026quot; by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: remove unused parameter \u003ccode\u003eredirectionLimitReached\u003c/code\u003e by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4933\"\u003enodejs/undici#4933\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip flaky macOS Node 20 cookie fetch cases by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4932\"\u003enodejs/undici#4932\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): align Response with DOM fetch types by \u003ca href=\"https://github.com/theamodhshetty\"\u003e\u003ccode\u003e@​theamodhshetty\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4867\"\u003enodejs/undici#4867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): Fix clone method type declaration to be an instance method rather than instance property by \u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip IPv6 tests when IPv6 is not available by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4939\"\u003enodejs/undici#4939\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: correctly handle multi-value rawHeaders in fetch by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4938\"\u003enodejs/undici#4938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eignore AGENTS.md by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4942\"\u003enodejs/undici#4942\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(test): client wasm compatible with clang 22 by \u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mock): improve error message when intercepts are exhausted by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4912\"\u003enodejs/undici#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(websocket): support open diagnostics over h2 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4921\"\u003enodejs/undici#4921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: assume http/https scheme for scheme-less proxy env vars by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4914\"\u003enodejs/undici#4914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cache): check Authorization on request headers per RFC 9111 §3.5 by \u003ca href=\"https://github.com/metalix2\"\u003e\u003ccode\u003e@​metalix2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4911\"\u003enodejs/undici#4911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: wrap kConnector call in try/catch to prevent client hang by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify fetch and FormData pairing by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4922\"\u003enodejs/undici#4922\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: support Connection header with connection-specific header names per RFC 7230 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4775\"\u003enodejs/undici#4775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid prototype collisions in parseHeaders by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4923\"\u003enodejs/undici#4923\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump typescript from 5.9.3 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4926\"\u003enodejs/undici#4926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: auto-init WPT submodule by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4930\"\u003enodejs/undici#4930\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/12d9045923b7caebb1ae6975ef34c29dbcfd95d0\"\u003e\u003ccode\u003e12d9045\u003c/code\u003e\u003c/a\u003e Bumped v7.25.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7a6f7febb30a30748a04f38c21e3641c77d21b0e\"\u003e\u003ccode\u003e7a6f7fe\u003c/code\u003e\u003c/a\u003e Bumped v7.24.8 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5020\"\u003e#5020\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1f85ae4b27ed6401e7ccc35eb546ad2e5976121f\"\u003e\u003ccode\u003e1f85ae4\u003c/code\u003e\u003c/a\u003e fix: avoid 401 failures for stream-backed request bodies (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4941\"\u003e#4941\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5006\"\u003e#5006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c6610674dfad7c205ddf0f27831133973ad7894e\"\u003e\u003ccode\u003ec661067\u003c/code\u003e\u003c/a\u003e chore: update v7.x maintenance release flow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84f23e2a19cd0f585579c4257d801e4ec2d65dbd\"\u003e\u003ccode\u003e84f23e2\u003c/code\u003e\u003c/a\u003e Bumped v7.24.7 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4947\"\u003e#4947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a770b1033201984b9e8082a9bf955414bff5dc2e\"\u003e\u003ccode\u003ea770b10\u003c/code\u003e\u003c/a\u003e ignore AGENTS.md (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4942\"\u003e#4942\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/6acd19beaf67c1a2d07bcd38f40d0b751a81e7cc\"\u003e\u003ccode\u003e6acd19b\u003c/code\u003e\u003c/a\u003e fix: correctly handle multi-value rawHeaders in fetch (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4938\"\u003e#4938\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1da1c747c7d6e01b93ab295e0efb86623f3c8e06\"\u003e\u003ccode\u003e1da1c74\u003c/code\u003e\u003c/a\u003e test: skip IPv6 tests when IPv6 is not available (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4939\"\u003e#4939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/04cb77327f7ada95c2e5b67424cddcb22d7bf882\"\u003e\u003ccode\u003e04cb773\u003c/code\u003e\u003c/a\u003e fix(types): Fix clone method type declaration to be an instance method rather...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5145a7c47080d1715b2723591def3a75b0c3ba63\"\u003e\u003ccode\u003e5145a7c\u003c/code\u003e\u003c/a\u003e fix(types): align Response with DOM fetch types (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4867\"\u003e#4867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.10.0...v7.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 l...\n\n_Description has been truncated_","html_url":"https://github.com/ahump20/gemini-cli/pull/25","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahump20%2Fgemini-cli/issues/25","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/25/packages"}},{"old_version":"4.0.0","new_version":"4.0.1","update_type":"patch","path":null,"pr_created_at":"2026-05-23T06:52:51.000Z","version_change":"4.0.0 → 4.0.1","issue":{"uuid":"4507198611","node_id":"PR_kwDOQ5tu8c7eko6i","number":13,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 2 directories with 21 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-23T07:45:38.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-23T06:52:51.000Z","updated_at":"2026-05-23T07:45:40.000Z","time_to_close":3167,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":21,"packages":[{"name":"simple-git","old_version":"3.28.0","new_version":"3.36.0","repository_url":"https://github.com/steveukx/git-js"},{"name":"tar","old_version":"7.5.2","new_version":"7.5.11","repository_url":"https://github.com/isaacs/node-tar"},{"name":"@modelcontextprotocol/sdk","old_version":"1.23.0","new_version":"1.29.0","repository_url":"https://github.com/modelcontextprotocol/typescript-sdk"},{"name":"diff","old_version":"7.0.0","new_version":"9.0.0","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"undici","old_version":"7.15.0","new_version":"7.25.0","repository_url":"https://github.com/nodejs/undici"},{"name":"ajv","old_version":"8.17.1","new_version":"8.18.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"picomatch","old_version":"4.0.3","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"vite","old_version":"7.2.2","new_version":"7.3.2","repository_url":"https://github.com/vitejs/vite"},{"name":"@isaacs/brace-expansion","old_version":"5.0.0","new_version":"5.0.1"},{"name":"@tootallnate/once","old_version":"2.0.0","new_version":"2.0.1","repository_url":"https://github.com/TooTallNate/once"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"fast-xml-parser","old_version":"4.5.3","new_version":"5.8.0","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"jws","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"path-to-regexp","old_version":"8.2.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"rollup","old_version":"4.53.2","new_version":"4.60.4","repository_url":"https://github.com/rollup/rollup"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 19 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.36.0` |\n| [tar](https://github.com/isaacs/node-tar) | `7.5.2` | `7.5.11` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.23.0` | `1.29.0` |\n| [diff](https://github.com/kpdecker/jsdiff) | `7.0.0` | `9.0.0` |\n| [undici](https://github.com/nodejs/undici) | `7.15.0` | `7.25.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.18.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.2.2` | `7.3.2` |\n| @isaacs/brace-expansion | `5.0.0` | `5.0.1` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.5.3` | `5.8.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.2.0` | `8.4.2` |\n| [rollup](https://github.com/rollup/rollup) | `4.53.2` | `4.60.4` |\n\nBumps the npm_and_yarn group with 1 update in the /packages/core directory: [diff](https://github.com/kpdecker/jsdiff).\n\nUpdates `simple-git` from 3.28.0 to 3.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/releases\"\u003esimple-git's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esimple-git@3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.33.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea263635: Use \u003ccode\u003epathspec\u003c/code\u003e wrappers for remote and local paths when running either \u003ccode\u003egit.clone\u003c/code\u003e or \u003ccode\u003egit.mirror\u003c/code\u003e to\navoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ee253a0d: Enhanced \u003ccode\u003egit -c\u003c/code\u003e checks in \u003ccode\u003eunsafe\u003c/code\u003e plugin.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/JohannesLks\"\u003e\u003ccode\u003e@​JohannesLks\u003c/code\u003e\u003c/a\u003e for identifying the issue\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.32.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ef704208: Enhanced \u003ccode\u003eprotocol.allow\u003c/code\u003e checks in \u003ccode\u003eallowUnsafeExtProtocol\u003c/code\u003e handling.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md\"\u003esimple-git's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e3d8708b: Updating publish config\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [3d8708b]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.34.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/7dc1a532a9ec92fb08c93202954be73175b07d83\"\u003e\u003ccode\u003e7dc1a53\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/76f5376bd418cb8baf5ec32757af442d47128e22\"\u003e\u003ccode\u003e76f5376\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1061\"\u003e#1061\u003c/a\u003e from Vinzent03/fix/buffer-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/89a2294febed5dfe737c4c735d936bb6018746a8\"\u003e\u003ccode\u003e89a2294\u003c/code\u003e\u003c/a\u003e Environment Parsing (\u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1156\"\u003e#1156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/1b91b762f047777ca6686f34ac3f7b8a543a4780\"\u003e\u003ccode\u003e1b91b76\u003c/code\u003e\u003c/a\u003e fix: remove explicit node:buffer import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/e390685960a3461875dce89d87ab80e3143d79fe\"\u003e\u003ccode\u003ee390685\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/3c9e4b8309667d0cb4102cda770f92075fc781dd\"\u003e\u003ccode\u003e3c9e4b8\u003c/code\u003e\u003c/a\u003e Pin version of \u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/94ee21fd5a2a6182fbf0f218a5efca2057b567cd\"\u003e\u003ccode\u003e94ee21f\u003c/code\u003e\u003c/a\u003e Export \u003ccode\u003epathspec\u003c/code\u003e types through \u003ccode\u003esimple-git\u003c/code\u003e for backward compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/6d7cb5174273aa33d131172d3770cb386e795171\"\u003e\u003ccode\u003e6d7cb51\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/0de400e7b014a48113acf673b3409a95b9c87a15\"\u003e\u003ccode\u003e0de400e\u003c/code\u003e\u003c/a\u003e Switch to semver from workspace revisions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/2264722abcb637042dd4cc50d903d69e4ee14b38\"\u003e\u003ccode\u003e2264722\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/steveukx/git-js/commits/simple-git@3.36.0/simple-git\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for simple-git since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tar` from 7.5.2 to 7.5.11\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/bf776f673164215074b62749e0fe80e5834588f4\"\u003e\u003ccode\u003ebf776f6\u003c/code\u003e\u003c/a\u003e 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad\"\u003e\u003ccode\u003ef48b5fa\u003c/code\u003e\u003c/a\u003e prevent escaping symlinks with drive-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/97cff15d3539a37a4095eb3d287147d9d77c2dc3\"\u003e\u003ccode\u003e97cff15\u003c/code\u003e\u003c/a\u003e docs: more security info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1\"\u003e\u003ccode\u003e2b72abc\u003c/code\u003e\u003c/a\u003e 7.5.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f\"\u003e\u003ccode\u003e7bc755d\u003c/code\u003e\u003c/a\u003e parse root off paths before sanitizing .. parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/c8cb84629dee649feedde03f2f4ea48f2e44e778\"\u003e\u003ccode\u003ec8cb846\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/1f0c2c9006b10199cf2686f8ef43e79a1773e1aa\"\u003e\u003ccode\u003e1f0c2c9\u003c/code\u003e\u003c/a\u003e 7.5.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/fbb08518bf290733b68ca4d4135f75becf73fd75\"\u003e\u003ccode\u003efbb0851\u003c/code\u003e\u003c/a\u003e build minified version as default export\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/6b8eba0ef367ac937e703238daa6df94ae6f823f\"\u003e\u003ccode\u003e6b8eba0\u003c/code\u003e\u003c/a\u003e 7.5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384\"\u003e\u003ccode\u003e2cb1120\u003c/code\u003e\u003c/a\u003e fix(unpack): improve UnpackSync symlink error \u0026quot;into\u0026quot; path accuracy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/node-tar/compare/v7.5.2...v7.5.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~isaacs\"\u003eisaacs\u003c/a\u003e, a new releaser for tar since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@modelcontextprotocol/sdk` from 1.23.0 to 1.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"\u003e@​modelcontextprotocol/sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.29.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1749\"\u003emodelcontextprotocol/typescript-sdk#1749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: disallow null (infinite) requested TTL by \u003ca href=\"https://github.com/LucaButBoring\"\u003e\u003ccode\u003e@​LucaButBoring\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1339\"\u003emodelcontextprotocol/typescript-sdk#1339\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: add missing size field to ResourceSchema by \u003ca href=\"https://github.com/olaservo\"\u003e\u003ccode\u003e@​olaservo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1575\"\u003emodelcontextprotocol/typescript-sdk#1575\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd typings exports by \u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x npm audit fix by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1780\"\u003emodelcontextprotocol/typescript-sdk#1780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1773\"\u003emodelcontextprotocol/typescript-sdk#1773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Allow servers / clients to advertise extensions in the capability object by \u003ca href=\"https://github.com/localden\"\u003e\u003ccode\u003e@​localden\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1811\"\u003emodelcontextprotocol/typescript-sdk#1811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(stdio): always set windowsHide on Windows, not just in Electron by \u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.29.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1820\"\u003emodelcontextprotocol/typescript-sdk#1820\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.28.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: use scopes_supported from resource metadata by default (fixes \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/580\"\u003e#580\u003c/a\u003e) by \u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1611\"\u003emodelcontextprotocol/typescript-sdk#1611\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: reject plain JSON Schema objects passed as inputSchema by \u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: clear _timeoutInfo in _onclose() and scope .finally() abort controller cleanup by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1462\"\u003emodelcontextprotocol/typescript-sdk#1462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(server/auth): RFC 8252 loopback port relaxation by \u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.28.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1746\"\u003emodelcontextprotocol/typescript-sdk#1746\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: implement auth/pre-registration conformance scenario by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1545\"\u003emodelcontextprotocol/typescript-sdk#1545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add governance documentation for SEP-1730 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1547\"\u003emodelcontextprotocol/typescript-sdk#1547\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: comprehensive feature documentation for SEP-1730 Tier 1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1548\"\u003emodelcontextprotocol/typescript-sdk#1548\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent command injection in example URL opening (v1.x backport) by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1579\"\u003emodelcontextprotocol/typescript-sdk#1579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: call onerror for silently swallowed transport errors by \u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.27.1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1581\"\u003emodelcontextprotocol/typescript-sdk#1581\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/e12cbd7078db388152f6e839abdbe09ba01f3f32\"\u003e\u003ccode\u003ee12cbd7\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.29.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/3913fd4443a86536155e3ebef9edd2045c372c1e\"\u003e\u003ccode\u003e3913fd4\u003c/code\u003e\u003c/a\u003e fix(stdio): always set windowsHide on Windows, not just in Electron (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1640\"\u003e#1640\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/5608e78dd0d4ca6cd7dd03278419578f1780365a\"\u003e\u003ccode\u003e5608e78\u003c/code\u003e\u003c/a\u003e [v1.x backport] Allow servers / clients to advertise extensions in the capabi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/7213816788e634ffb9d09affe50f0295093bfb73\"\u003e\u003ccode\u003e7213816\u003c/code\u003e\u003c/a\u003e v1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1773\"\u003e#1773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/364f38ca2d8895aed7c37b7a0a1031bb7ae4841c\"\u003e\u003ccode\u003e364f38c\u003c/code\u003e\u003c/a\u003e v1.x npm audit fix (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/c95cc0943b045517e4cc414baf1f168b216c3142\"\u003e\u003ccode\u003ec95cc09\u003c/code\u003e\u003c/a\u003e Add typings exports (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/ddadaa6cc633fb5db0c094bf031b15b68a357820\"\u003e\u003ccode\u003eddadaa6\u003c/code\u003e\u003c/a\u003e [v1.x] fix: add missing size field to ResourceSchema (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/2a158513028d9f862c4188b6957e78cd5663f26b\"\u003e\u003ccode\u003e2a15851\u003c/code\u003e\u003c/a\u003e [v1.x] fix: disallow null (infinite) requested TTL (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1339\"\u003e#1339\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/13e30f1d36de8442417fec695983bdb155c00768\"\u003e\u003ccode\u003e13e30f1\u003c/code\u003e\u003c/a\u003e fix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1749\"\u003e#1749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0565695218544fc53e99bf5b544a887d373cefa\"\u003e\u003ccode\u003ea056569\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.28.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1746\"\u003e#1746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.23.0...v1.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `diff` from 7.0.0 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.0\u003c/h2\u003e\n\u003cp\u003e(All changes part of PR \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/672\"\u003e#672\u003c/a\u003e.)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eES5 support is dropped\u003c/strong\u003e. \u003ccode\u003eparsePatch\u003c/code\u003e now uses \u003ccode\u003eTextDecoder\u003c/code\u003e and \u003ccode\u003eUint8Array\u003c/code\u003e, which are not available in ES5, and TypeScript is now compiled with the \u0026quot;es6\u0026quot; \u003ccode\u003etarget\u003c/code\u003e. From now on, I intend to freely use any features that are deemed \u0026quot;Widely available\u0026quot; by \u003ca href=\"https://web.dev/baseline\"\u003eBaseline\u003c/a\u003e. Users who need ES5 support should stick to version 8.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eC-style quoted strings in filename headers are now properly supported\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eWhen the name of either the old or new file in a patch contains \u0026quot;special characters\u0026quot;, both GNU \u003ccode\u003ediff\u003c/code\u003e and Git quote the filename in the patch's headers and escape special characters using the same escape sequences that are used in string literals in C, including octal escapes for all non-ASCII characters. Previously, jsdiff had very little support for this; \u003ccode\u003eparsePatch\u003c/code\u003e would remove the quotes, and unescape any escaped backslashes, but would not unescape other escape sequences. \u003ccode\u003eformatPatch\u003c/code\u003e, meanwhile, did not quote or escape special characters at all.\u003c/p\u003e\n\u003cp\u003eNow, \u003ccode\u003eparsePatch\u003c/code\u003e parses all the possible escape sequences that GNU diff (or Git) ever output, and \u003ccode\u003eformatPatch\u003c/code\u003e quotes and escapes filenames containing special characters in the same way GNU diff does.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now omits file headers when \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e in the provided patch object are \u003ccode\u003eundefined\u003c/code\u003e\u003c/strong\u003e, regardless of the \u003ccode\u003eheaderOptions\u003c/code\u003e parameter. (Previously, it would treat the absence of \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e as indicating the filename was the word \u0026quot;undefined\u0026quot; and emit headers \u003ccode\u003e--- undefined\u003c/code\u003e / \u003ccode\u003e+++ undefined\u003c/code\u003e.)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer outputs trailing tab characters at the end of \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e headers.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePreviously, if \u003ccode\u003eformatPatch\u003c/code\u003e was passed a patch object to serialize that had empty strings for the \u003ccode\u003eoldHeader\u003c/code\u003e or \u003ccode\u003enewHeader\u003c/code\u003e property, it would include a trailing tab character after the filename in the \u003ccode\u003e---\u003c/code\u003e and/or \u003ccode\u003e+++\u003c/code\u003e file header. Now, this scenario is treated the same as when \u003ccode\u003eoldHeader\u003c/code\u003e/\u003ccode\u003enewHeader\u003c/code\u003e is \u003ccode\u003eundefined\u003c/code\u003e - i.e. the trailing tab is omitted.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer mutates its input\u003c/strong\u003e when serializing a patch containing a hunk where either the old or new content contained zero lines. (Such a hunk occurs only when the hunk has no context lines and represents a pure insertion or pure deletion, which for instance will occur whenever one of the two files being diffed is completely empty.) Previously \u003ccode\u003eformatPatch\u003c/code\u003e would provide the correct output but also mutate the \u003ccode\u003eoldLines\u003c/code\u003e or \u003ccode\u003enewLines\u003c/code\u003e property on the hunk, changing the meaning of the underlying patch.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eGit-style patches are now supported by \u003ccode\u003eparsePatch\u003c/code\u003e, \u003ccode\u003eformatPatch\u003c/code\u003e, and \u003ccode\u003ereversePatch\u003c/code\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003ePatches output by \u003ccode\u003egit diff\u003c/code\u003e can include some features that are unlike those output by GNU \u003ccode\u003ediff\u003c/code\u003e, and therefore not handled by an ordinary unified diff format parser. An ordinary diff simply describes the differences between the \u003cem\u003econtent\u003c/em\u003e of two files, but Git diffs can also indicate, via \u0026quot;extended headers\u0026quot;, the creation or deletion of (potentially empty) files, indicate that a file was renamed, and contain information about file mode changes. Furthermore, when these changes appear in a diff in the absence of a content change (e.g. when an empty file is created, or a file is renamed without content changes), the patch will contain no associated \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e file headers nor any hunks.\u003c/p\u003e\n\u003cp\u003ejsdiff previously did not support parsing Git's extended headers, nor hunkless patches. Now \u003ccode\u003eparsePatch\u003c/code\u003e parses some of the extended headers, parses hunkless Git patches, and can determine filenames (e.g. from the extended headers) when parsing a patch that includes no \u003ccode\u003e---\u003c/code\u003e or \u003ccode\u003e+++\u003c/code\u003e file headers. The additional information conveyed by the extended headers we support is recorded on new fields on the result object returned by \u003ccode\u003eparsePatch\u003c/code\u003e. See \u003ccode\u003eisGit\u003c/code\u003e and subsequent properties in the docs in the README.md file.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now outputs extended headers based on these new Git-specific properties, and \u003ccode\u003ereversePatch\u003c/code\u003e respects them as far as possible (with one unavoidable caveat noted in the README.md file).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eUnpaired file headers now cause \u003ccode\u003eparsePatch\u003c/code\u003e to throw\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eIt remains acceptable to have a patch with no file headers whatsoever (e.g. one that begins with a \u003ccode\u003e@@\u003c/code\u003e hunk header on the very first line), but a patch with \u003cem\u003eonly\u003c/em\u003e a \u003ccode\u003e---\u003c/code\u003e header or only a \u003ccode\u003e+++\u003c/code\u003e header is now considered an error.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eparsePatch\u003c/code\u003e is now more tolerant of \u0026quot;trailing garbage\u0026quot;\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThat is: after a patch, or between files/indexes in a patch, it is now acceptable to have arbitrary lines of \u0026quot;garbage\u0026quot; (so long as they unambiguously have no syntactic meaning - e.g. trailing garbage that leads with a \u003ccode\u003e+\u003c/code\u003e, \u003ccode\u003e-\u003c/code\u003e, or \u003ccode\u003e \u003c/code\u003e and thus is interpretable as part of a hunk still triggers a throw).\u003c/p\u003e\n\u003cp\u003eThis means we no longer reject patches output by tools that include extra data in \u0026quot;garbage\u0026quot; lines not understood by generic unified diff parsers. (For example, SVN patches can include \u0026quot;Property changes on:\u0026quot; lines that generic unified diff parsers should discard as garbage; jsdiff previously threw errors when encountering them.)\u003c/p\u003e\n\u003cp\u003eThis change brings jsdiff's behaviour more in line with GNU \u003ccode\u003epatch\u003c/code\u003e, which is highly permissive of \u0026quot;garbage\u0026quot;.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThe \u003ccode\u003eoldFileName\u003c/code\u003e and \u003ccode\u003enewFileName\u003c/code\u003e fields of \u003ccode\u003eStructuredPatch\u003c/code\u003e are now typed as \u003ccode\u003estring | undefined\u003c/code\u003e instead of \u003ccode\u003estring\u003c/code\u003e\u003c/strong\u003e. This type change reflects the (pre-existing) reality that \u003ccode\u003eparsePatch\u003c/code\u003e can produce patches without filenames (e.g. when parsing a patch that simply contains hunks with no file headers).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/667\"\u003e#667\u003c/a\u003e - \u003cstrong\u003efix another bug in \u003ccode\u003ediffWords\u003c/code\u003e when used with an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e\u003c/strong\u003e. If the text to be diffed included a combining mark after a whitespace character (i.e. roughly speaking, an accented space), \u003ccode\u003ediffWords\u003c/code\u003e would previously crash. Now this case is handled correctly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/631\"\u003e#631\u003c/a\u003e - \u003cstrong\u003efix support for using an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e with \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e. This has been almost completely broken since the feature was added in v6.0.0, since it would outright crash on any text that featured two consecutive newlines between a pair of words (a very common case).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/635\"\u003e#635\u003c/a\u003e - \u003cstrong\u003esmall tweaks to tokenization behaviour of \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e when used \u003cem\u003ewithout\u003c/em\u003e an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e. Specifically, the soft hyphen (U+00AD) is no longer considered to be a word break, and the multiplication and division signs (\u003ccode\u003e×\u003c/code\u003e and \u003ccode\u003e÷\u003c/code\u003e) are now treated as punctuation instead of as letters / word characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/ed13aca03aa25735fafc0645d1185e7a1c68fd8c\"\u003e\u003ccode\u003eed13aca\u003c/code\u003e\u003c/a\u003e Update version in package.json and in release notes (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/683\"\u003e#683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/7a49317b503a932b88fc72ad9c57a481df038e24\"\u003e\u003ccode\u003e7a49317\u003c/code\u003e\u003c/a\u003e Bump dependencies again (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/682\"\u003e#682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/afe5aecad189c9f5941ad3feb3c94c46b32ecb0a\"\u003e\u003ccode\u003eafe5aec\u003c/code\u003e\u003c/a\u003e Add Git support, and otherwise variously improve \u0026amp; fix parsePatch (and other ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/2e46779d8866ce7da1303a03db33ed038590c6f6\"\u003e\u003ccode\u003e2e46779\u003c/code\u003e\u003c/a\u003e Fix a typo (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/679\"\u003e#679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/dd2f99497703a1540b2ae406b51c49b74b5fc1a1\"\u003e\u003ccode\u003edd2f994\u003c/code\u003e\u003c/a\u003e 8.0.4 release (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/678\"\u003e#678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/3cc438434db53c5d1c40412b727ea7650f6f145a\"\u003e\u003ccode\u003e3cc4384\u003c/code\u003e\u003c/a\u003e Update docs on releasing to reflect migration to yarn berry (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/6fc2aa6b7672af08774b50aae00d97b99c5b5715\"\u003e\u003ccode\u003e6fc2aa6\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/af7393ac3404565dc8da655c2e7aeeed28c01ff7\"\u003e\u003ccode\u003eaf7393a\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4b5d1800370bf29b61a3378fb8086aeb231d3ef7\"\u003e\u003ccode\u003e4b5d180\u003c/code\u003e\u003c/a\u003e Fix another bug in diffWords's \u0026quot;intlSegmenter\u0026quot; mode (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/10da50c466709e7bd4b192dac96af0af46f8b7bd\"\u003e\u003ccode\u003e10da50c\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/666\"\u003e#666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/7.0.0...v9.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.15.0 to 7.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport 401 stream-backed body fix to v7.x by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5006\"\u003enodejs/undici#5006\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update broken links in file \u0026quot;Dispatcher.md\u0026quot; by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: remove unused parameter \u003ccode\u003eredirectionLimitReached\u003c/code\u003e by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4933\"\u003enodejs/undici#4933\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip flaky macOS Node 20 cookie fetch cases by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4932\"\u003enodejs/undici#4932\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): align Response with DOM fetch types by \u003ca href=\"https://github.com/theamodhshetty\"\u003e\u003ccode\u003e@​theamodhshetty\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4867\"\u003enodejs/undici#4867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): Fix clone method type declaration to be an instance method rather than instance property by \u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip IPv6 tests when IPv6 is not available by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4939\"\u003enodejs/undici#4939\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: correctly handle multi-value rawHeaders in fetch by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4938\"\u003enodejs/undici#4938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eignore AGENTS.md by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4942\"\u003enodejs/undici#4942\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(test): client wasm compatible with clang 22 by \u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mock): improve error message when intercepts are exhausted by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4912\"\u003enodejs/undici#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(websocket): support open diagnostics over h2 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4921\"\u003enodejs/undici#4921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: assume http/https scheme for scheme-less proxy env vars by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4914\"\u003enodejs/undici#4914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cache): check Authorization on request headers per RFC 9111 §3.5 by \u003ca href=\"https://github.com/metalix2\"\u003e\u003ccode\u003e@​metalix2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4911\"\u003enodejs/undici#4911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: wrap kConnector call in try/catch to prevent client hang by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify fetch and FormData pairing by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4922\"\u003enodejs/undici#4922\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: support Connection header with connection-specific header names per RFC 7230 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4775\"\u003enodejs/undici#4775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid prototype collisions in parseHeaders by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4923\"\u003enodejs/undici#4923\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump typescript from 5.9.3 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4926\"\u003enodejs/undici#4926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: auto-init WPT submodule by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4930\"\u003enodejs/undici#4930\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/12d9045923b7caebb1ae6975ef34c29dbcfd95d0\"\u003e\u003ccode\u003e12d9045\u003c/code\u003e\u003c/a\u003e Bumped v7.25.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7a6f7febb30a30748a04f38c21e3641c77d21b0e\"\u003e\u003ccode\u003e7a6f7fe\u003c/code\u003e\u003c/a\u003e Bumped v7.24.8 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5020\"\u003e#5020\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1f85ae4b27ed6401e7ccc35eb546ad2e5976121f\"\u003e\u003ccode\u003e1f85ae4\u003c/code\u003e\u003c/a\u003e fix: avoid 401 failures for stream-backed request bodies (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4941\"\u003e#4941\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5006\"\u003e#5006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c6610674dfad7c205ddf0f27831133973ad7894e\"\u003e\u003ccode\u003ec661067\u003c/code\u003e\u003c/a\u003e chore: update v7.x maintenance release flow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84f23e2a19cd0f585579c4257d801e4ec2d65dbd\"\u003e\u003ccode\u003e84f23e2\u003c/code\u003e\u003c/a\u003e Bumped v7.24.7 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4947\"\u003e#4947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a770b1033201984b9e8082a9bf955414bff5dc2e\"\u003e\u003ccode\u003ea770b10\u003c/code\u003e\u003c/a\u003e ignore AGENTS.md (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4942\"\u003e#4942\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/6acd19beaf67c1a2d07bcd38f40d0b751a81e7cc\"\u003e\u003ccode\u003e6acd19b\u003c/code\u003e\u003c/a\u003e fix: correctly handle multi-value rawHeaders in fetch (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4938\"\u003e#4938\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1da1c747c7d6e01b93ab295e0efb86623f3c8e06\"\u003e\u003ccode\u003e1da1c74\u003c/code\u003e\u003c/a\u003e test: skip IPv6 tests when IPv6 is not available (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4939\"\u003e#4939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/04cb77327f7ada95c2e5b67424cddcb22d7bf882\"\u003e\u003ccode\u003e04cb773\u003c/code\u003e\u003c/a\u003e fix(types): Fix clone method type declaration to be an instance method rather...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5145a7c47080d1715b2723591def3a75b0c3ba63\"\u003e\u003ccode\u003e5145a7c\u003c/code\u003e\u003c/a\u003e fix(types): align Response with DOM fetch types (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4867\"\u003e#4867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.15.0...v7.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.17.1 to 8.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/f06766f33ed7291f84c19f22a1286a34475fbdaf\"\u003e\u003ccode\u003ef06766f\u003c/code\u003e\u003c/a\u003e feat: allow tree-shaking by adding ``\u0026quot;sideEffects\u0026quot;: false\u003ccode\u003eto\u003c/code\u003epackage.json` ...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.3 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 7.2.2 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.5\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.5/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eNote: 7.2.5 failed to publish so it is skipped on npm\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003ev7.2.4\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.4/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.0...v7.3.1\"\u003e7.3.1\u003c/a\u003e (2026-01-07)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21364\"\u003e#21364\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e9d39d37\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.7...v7.3.0\"\u003e7.3.0\u003c/a\u003e (2025-12-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21183\"\u003e#21183\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003ecff26ec\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.6...v7.2.7\"\u003e7.2.7\u003c/a\u003e (2025-12-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eplugin shortcut support (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21211\"\u003e#21211\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/721f16343d9555ae8fc71a2e5354b22e12ff0dc3\"\u003e721f163\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.5...v7.2.6\"\u003e7.2.6\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.4...v7.2.5\"\u003e7.2.5\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003econfig:\u003c/strong\u003e handle shebang properly (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21158\"\u003e#21158\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/df5a30d2690a2ebc4824a79becdcef30538dc602\"\u003edf5a30d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21146\"\u003e#21146\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/a3cd262f37228967e455617e982b35fccc49ffe9\"\u003ea3cd262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21175\"\u003e#21175\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/72e398a46d8d2f54fbcbeb9ff0dceab346aeb642\"\u003e72e398a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix \u003ccode\u003eexternal: true\u003c/code\u003e merging (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21164\"\u003e#21164\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5ef557a96c4a1f2b3a3aa25c12df3ee87b4a03f5\"\u003e5ef557a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eshortcuts not rebound after server restart (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21166\"\u003e#21166\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/3765f7baea36234bf3816eeed38776d27bfd3649\"\u003e3765f7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e replace debug with obug (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21137\"\u003e#21137\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/203a5512a42a1031f685993f5d9cbae5f328354f\"\u003e203a551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclarify manifest.json \u003ccode\u003eimports\u003c/code\u003e field is JS chunks only (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21136\"\u003e#21136\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/46d3077f2b63771cc50230bc907c48f5773c00fb\"\u003e46d3077\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update rolldown-related dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21174\"\u003e#21174\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/74559c947483a8ee24da052ac2d9568f7cb3546a\"\u003e74559c9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.3...v7.2.4\"\u003e7.2.4\u003c/a\u003e (2025-11-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erevert \u0026quot;perf(deps): replace debug with obug (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21107\"\u003e#21107\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://github.com/vitejs/vite/commit/2d66b7b14aa6dfd62f3d6a59ee8382ed5ca6fd32\"\u003e2d66b7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.2...v7.2.3\"\u003e7.2.3\u003c/a\u003e (2025-11-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/95e8923f35d0252c9f6eb2d5e358c084542706f1\"\u003e\u003ccode\u003e95e8923\u003c/code\u003e\u003c/a\u003e release: v7.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e\u003ccode\u003e9d39d37\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21364\"\u003e#21364\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/acf7e05eaeb18e98f5e19e2d3e648950726f20d1\"\u003e\u003ccode\u003eacf7e05\u003c/code\u003e\u003c/a\u003e release: v7.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003e\u003ccode\u003ecff26ec\u003c/code\u003e\u003c/a\u003e feat(deps): update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21183\"\u003e#21183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/317b3b272f9ef6faa647a51ab3b0768fecc1071d\"\u003e\u003ccode\u003e317b3b2\u003c/code\u003e\u003c/a\u003e release: v7.2.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/721f16343d9555ae8fc71a2e5354b22e12ff0dc3\"\u003e\u003ccode\u003e721f163\u003c/code\u003e\u003c/a\u003e fix: plugin shortcut support (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21211\"\u003e#21211\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@isaacs/brace-expansion` from 5.0.0 to 5.0.1\n\nUpdates `@opentelemetry/exporter-prometheus` from 0.203.0 to 0.218.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/releases\"\u003e@​opentelemetry/exporter-prometheus's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eexperimental/v0.218.0\u003c/h2\u003e\n\u003ch2\u003e0.218.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs metrics serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6629\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): show all config validation errors, if there are multiple \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6683\"\u003e#6683\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): allow startNodeSDK() without an arg \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6688\"\u003e#6688\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6691\"\u003e#6691\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(sdk-logs): use \u003ccode\u003eLogger.enabled()\u003c/code\u003e within \u003ccode\u003eLogger.emit()\u003c/code\u003e implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6680\"\u003e#6680\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.217.0\u003c/h2\u003e\n\u003ch2\u003e0.217.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs trace serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6625\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using \u003ccode\u003ejson-schema-to-typescript\u003c/code\u003e and \u003ccode\u003eajv\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6533\"\u003e#6533\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration, sdk-node): \u003ccode\u003estartNodeSDK()\u003c/code\u003e code path now uses \u003ccode\u003elog_level\u003c/code\u003e configuration to setup a DiagConsoleLogger \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6668\"\u003e#6668\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eNote that allowed values for \u003ccode\u003elog_level\u003c/code\u003e in a configuration YAML file are \u003cem\u003enot\u003c/em\u003e the same set as for \u003ccode\u003eOTEL_LOG_LEVEL\u003c/code\u003e. Use \u003ccode\u003elog_level: trace\u003c/code\u003e to see \u003cem\u003eall\u003c/em\u003e logs (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=ALL\u003c/code\u003e). Use \u003ccode\u003elog_level: fatal\u003c/code\u003e to effectively disable the SDK's internal diagnostic logger (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=NONE\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eIf \u003ccode\u003elog_level\u003c/code\u003e is not specified, a diagnostic console logger at \u0026quot;info\u0026quot; level will be setup.\u003c/li\u003e\n\u003cli\u003eAn invalid YAML config file will now result in a noop OTel SDK.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(configuration): do not validate \u003ccode\u003eOTEL_CONFIG_FILE\u003c/code\u003e value before using it for file config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6643\"\u003e#6643\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6650\"\u003e#6650\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6657\"\u003e#6657\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve handling of enums in generated types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6659\"\u003e#6659\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve the technique for removing '| null' on types the JSON Schema \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6662\"\u003e#6662\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sampler-jaeger-remote): add missing axios dep \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6656\"\u003e#6656\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6674\"\u003e#6674\u003c/a\u003e \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.216.0\u003c/h2\u003e\n\u003ch2\u003e0.216.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sdk-node): wire attribute_keys from declarative configuration to ViewOptions.attributesProcessors \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6427\"\u003e#6427\u003c/a\u003e \u003ca href=\"https://github.com/ravitheja4531-cell\"\u003e\u003ccode\u003e@​ravitheja4531-cell\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): set TracerProvider in startNodeSDK() \u003ca ...\n\n_Description has been truncated_","html_url":"https://github.com/cosmiccareer/terminai/pull/13","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cosmiccareer%2Fterminai/issues/13","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/13/packages"}},{"old_version":"3.2.2","new_version":"3.2.3","update_type":"patch","path":null,"pr_created_at":"2026-05-22T05:56:45.000Z","version_change":"3.2.2 → 3.2.3","issue":{"uuid":"4500243369","node_id":"PR_kwDOQzTyFs7eORM-","number":9,"state":"closed","title":"Bump the npm_and_yarn group across 15 directories with 24 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-22T11:28:11.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T05:56:45.000Z","updated_at":"2026-05-22T11:28:13.000Z","time_to_close":19886,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":24,"packages":[{"name":"rollup","old_version":"3.29.5","new_version":"3.30.0","repository_url":"https://github.com/rollup/rollup"},{"name":"undici","old_version":"5.28.4","new_version":"6.24.0","repository_url":"https://github.com/nodejs/undici"},{"name":"electron","old_version":"23.1.2","new_version":"39.8.5","repository_url":"https://github.com/electron/electron"},{"name":"webpack","old_version":"5.82.1","new_version":"5.104.1","repository_url":"https://github.com/webpack/webpack"},{"name":"webpack-dev-server","old_version":"4.15.0","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"immutable","old_version":"4.0.0-rc.12","new_version":"4.3.8","repository_url":"https://github.com/immutable-js/immutable-js"},{"name":"@tootallnate/once","old_version":"2.0.0","new_version":"2.0.1","repository_url":"https://github.com/TooTallNate/once"},{"name":"fast-xml-parser","old_version":"3.19.0","new_version":"3.21.1","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"flatted","old_version":"3.2.7","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.6","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"postcss","old_version":"6.0.23","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"protocol-buffers-schema","old_version":"3.3.2","new_version":"3.6.1","repository_url":"https://github.com/mafintosh/protocol-buffers-schema"},{"name":"simple-git","old_version":"3.28.0","new_version":"3.36.0","repository_url":"https://github.com/steveukx/git-js"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 16 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [rollup](https://github.com/rollup/rollup) | `3.29.5` | `3.30.0` |\n| [undici](https://github.com/nodejs/undici) | `5.28.4` | `6.24.0` |\n| [electron](https://github.com/electron/electron) | `23.1.2` | `39.8.5` |\n| [webpack](https://github.com/webpack/webpack) | `5.82.1` | `5.104.1` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `4.15.0` | `5.2.4` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `4.0.0-rc.12` | `4.3.8` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `3.19.0` | `3.21.1` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.2.7` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.6` | `1.16.0` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [postcss](https://github.com/postcss/postcss) | `6.0.23` | `8.5.15` |\n| [protocol-buffers-schema](https://github.com/mafintosh/protocol-buffers-schema) | `3.3.2` | `3.6.1` |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.36.0` |\n\nBumps the npm_and_yarn group with 7 updates in the /compiler/apps/playground directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.47` | `8.5.10` |\n| [next](https://github.com/vercel/next.js) | `15.5.9` | `15.5.18` |\n\nBumps the npm_and_yarn group with 2 updates in the /fixtures/attribute-behavior directory: [diff](https://github.com/kpdecker/jsdiff) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 4 updates in the /fixtures/concurrent/time-slicing directory: [diff](https://github.com/kpdecker/jsdiff), [follow-redirects](https://github.com/follow-redirects/follow-redirects), [lodash](https://github.com/lodash/lodash) and [picomatch](https://github.com/micromatch/picomatch).\nBumps the npm_and_yarn group with 4 updates in the /fixtures/dom directory: [diff](https://github.com/kpdecker/jsdiff), [follow-redirects](https://github.com/follow-redirects/follow-redirects), [lodash](https://github.com/lodash/lodash) and [picomatch](https://github.com/micromatch/picomatch).\nBumps the npm_and_yarn group with 2 updates in the /fixtures/expiration directory: [diff](https://github.com/kpdecker/jsdiff) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 1 update in the /fixtures/fiber-debugger directory: [diff](https://github.com/kpdecker/jsdiff).\nBumps the npm_and_yarn group with 6 updates in the /fixtures/flight directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [undici](https://github.com/nodejs/undici) | `5.28.4` | `6.24.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.93.0` | `5.104.1` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.18.9` | `7.29.4` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.11` | `4.18.1` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.2.2` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.16` | `8.5.10` |\n\nBumps the npm_and_yarn group with 8 updates in the /fixtures/owner-stacks directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.97.1` | `5.107.1` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.25.9` | `7.29.4` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.2` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\nBumps the npm_and_yarn group with 3 updates in the /fixtures/ssr directory: [diff](https://github.com/kpdecker/jsdiff), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 8 updates in the /fixtures/view-transition directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.97.1` | `5.107.1` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.25.9` | `7.29.4` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.2` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\nBumps the npm_and_yarn group with 1 update in the /packages/react-devtools-extensions directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /packages/react-devtools-inline directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /packages/react-devtools-shell directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\nBumps the npm_and_yarn group with 1 update in the /packages/react-devtools-timeline directory: [webpack-dev-server](https://github.com/webpack/webpack-dev-server).\n\nUpdates `minimatch` from 3.0.4 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/699c459443a6bd98f5b28197978f76e7f71467ac\"\u003e\u003ccode\u003e699c459\u003c/code\u003e\u003c/a\u003e 3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/2f2b5ff1bb1b6a01f4404f7e475f0a2cba578ab7\"\u003e\u003ccode\u003e2f2b5ff\u003c/code\u003e\u003c/a\u003e fix: trim pattern\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/25d7c0d09c47063c9b0d2ace17ef8e951d90eccc\"\u003e\u003ccode\u003e25d7c0d\u003c/code\u003e\u003c/a\u003e 3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/55dda291dfb595bd11b4edb19b45dd98eda76de0\"\u003e\u003ccode\u003e55dda29\u003c/code\u003e\u003c/a\u003e fix: treat nocase:true as always having magic\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/5e1fb8dd2bb78c0ae22101b9229fac4c76ef039e\"\u003e\u003ccode\u003e5e1fb8d\u003c/code\u003e\u003c/a\u003e 3.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/f8145c54f34075069f4a23cb214d871da4cd4006\"\u003e\u003ccode\u003ef8145c5\u003c/code\u003e\u003c/a\u003e Add 'allowWindowsEscape' option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/570e8b1aef6c9e823a824aa0b9be10db43857cd7\"\u003e\u003ccode\u003e570e8b1\u003c/code\u003e\u003c/a\u003e add publishConfig for v3 publishes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/5b7cd3372be253759fb4d865eb3f38f189a5fcdf\"\u003e\u003ccode\u003e5b7cd33\u003c/code\u003e\u003c/a\u003e 3.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/20b4b562830680867feb75f9c635aca08e5c86ff\"\u003e\u003ccode\u003e20b4b56\u003c/code\u003e\u003c/a\u003e [fix] revert all breaking syntax changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/2ff038852ec03e85e60e0eb333005c680ac8a543\"\u003e\u003ccode\u003e2ff0388\u003c/code\u003e\u003c/a\u003e document, expose, and test 'partial:true' option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 3.29.5 to 3.30.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/releases\"\u003erollup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.30.0\u003c/h2\u003e\n\u003ch2\u003e3.30.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow when the generated bundle contains paths that would leave the output directory (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6276\"\u003e#6276\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6276\"\u003e#6276\u003c/a\u003e: Validate bundle stays within output dir (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/v3.30.0/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.30.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow when the generated bundle contains paths that would leave the output directory (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6276\"\u003e#6276\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6276\"\u003e#6276\u003c/a\u003e: Validate bundle stays within output dir (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d91d5e11becc2f16d3a493231fb5bf48f74758a9\"\u003e\u003ccode\u003ed91d5e1\u003c/code\u003e\u003c/a\u003e 3.30.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/967740910dc90f3c928c91642f2b80c1ed40d60b\"\u003e\u003ccode\u003e9677409\u003c/code\u003e\u003c/a\u003e Update release script for backports\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e\"\u003e\u003ccode\u003ec8cf1f9\u003c/code\u003e\u003c/a\u003e Validate bundle stays within output dir (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6276\"\u003e#6276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rollup/rollup/compare/v3.29.5...v3.30.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 5.28.4 to 6.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v6.24.0 Security Release Notes (LTS)\u003c/h1\u003e\n\u003cp\u003eThis release backports fixes for security vulnerabilities affecting the v6 line.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v6 should upgrade to \u003cstrong\u003ev6.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNot applicable to v6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 affects \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e only.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges (v6)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e\u0026gt;= 6.0.0 \u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1525: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1525\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1528: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1528\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1527: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1527\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2229: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2229\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1526: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1526\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1526\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.23.0\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/8873c947271faf1ebc455bdc6158ecbc022ecfa9\"\u003e\u003ccode\u003e8873c94\u003c/code\u003e\u003c/a\u003e Bumped v6.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/411bd01a42e7917009bbf686f7628b99d67bbce9\"\u003e\u003ccode\u003e411bd01\u003c/code\u003e\u003c/a\u003e test(websocket): use node:assert for Node 18 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/844bf59699d778944f78a24ae819c0e8f295766e\"\u003e\u003ccode\u003e844bf59\u003c/code\u003e\u003c/a\u003e test: fix http2 lint regressions in backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a444e4f13e8958b4e1ac42bc0d53ace7fba0a9c1\"\u003e\u003ccode\u003ea444e4f\u003c/code\u003e\u003c/a\u003e test: stabilize h2 and tls-cert-leak under current test runner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/dc032a1050d5489b8ce9b4c22aafba98a942f87b\"\u003e\u003ccode\u003edc032a1\u003c/code\u003e\u003c/a\u003e fix: h2 CI (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4395\"\u003e#4395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4cd3f4b3a2ef910ba728c47ae78294d956410450\"\u003e\u003ccode\u003e4cd3f4b\u003c/code\u003e\u003c/a\u003e test: increase bitness in \u003ccode\u003etest/fixtures/*.pem\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/3659\"\u003e#3659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7df6442194b7a54e9ac734335e6e0a56a9bc6666\"\u003e\u003ccode\u003e7df6442\u003c/code\u003e\u003c/a\u003e fix: adapt websocket frame-limit handling for v6 parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4e0179ae643e6f4380f24cc3683c1b1ca2afb094\"\u003e\u003ccode\u003e4e0179a\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5a97f0893b53ba7d1d5549d3df7e55d9c2673f89\"\u003e\u003ccode\u003e5a97f08\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/e43e898603dd5e0c14a75b08b83257598d664a39\"\u003e\u003ccode\u003ee43e898\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v5.28.4...v6.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `electron` from 23.1.2 to 39.8.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/electron/electron/releases\"\u003eelectron's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eelectron v39.8.5\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.5\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a crash in \u003ccode\u003eclipboard.readImage()\u003c/code\u003e when the clipboard contains malformed image data. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50493\"\u003e#50493\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50491\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50492\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50494\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed a crash when calling an offscreen shared texture's \u003ccode\u003erelease()\u003c/code\u003e after the texture object was garbage collected. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50499\"\u003e#50499\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50500\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50501\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50502\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.4\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.4\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003enodeIntegrationInWorker\u003c/code\u003e overrides in \u003ccode\u003esetWindowOpenHandler\u003c/code\u003e were not honored for child windows sharing a renderer process with their opener. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50468\"\u003e#50468\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50163\"\u003e38\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50467\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50134\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed crash when handling JavaScript dialogs from windows opened with invalid or empty URLs. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50400\"\u003e#50400\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50401\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50399\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50398\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed improper focus tracking in BaseWindow on MacOS. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50338\"\u003e#50338\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50337\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50340\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50339\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed window freeze when failing to enter/exit fullscreen on macOS. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50341\"\u003e#50341\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50344\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50343\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50342\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using a proxy during yarn install. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50349\"\u003e#50349\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50352\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50350\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50351\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eBackported fix for 485935305. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50440\"\u003e#50440\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackported fix for 489381399. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50443\"\u003e#50443\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackported fix for chromium:475877320. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50436\"\u003e#50436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackported fixes for 484751092, 487117772. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50461\"\u003e#50461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.3\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.3\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded additional ASAR support to additional \u003ccode\u003efs\u003c/code\u003e copy methods. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50284\"\u003e#50284\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50287\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50286\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50285\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed user resizing of transparent windows on win32 platform. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50300\"\u003e#50300\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50301\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50298\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50299\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.2\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.2\u003c/h1\u003e\n\u003ch2\u003eOther Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackported fix for b/491421267. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50230\"\u003e#50230\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.1\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.1\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded validation to protocol client methods to reject protocol names that do not conform to the RFC 3986 URI scheme grammar. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50156\"\u003e#50156\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50157\"\u003e38\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50158\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50155\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue on macOS where calling \u003ccode\u003eautoUpdater.quitAndInstall()\u003c/code\u003e could fail if \u003ccode\u003echeckForUpdates()\u003c/code\u003e was called again after an update was already downloaded. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50215\"\u003e#50215\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50216\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50217\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where Chrome Devtools menus may not appear in certain embedded windows. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50136\"\u003e#50136\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50138\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50137\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003eadditionalData\u003c/code\u003e passed to \u003ccode\u003eapp.requestSingleInstanceLock\u003c/code\u003e on Windows could be truncated or fail to deserialize in the primary instance's \u003ccode\u003esecond-instance\u003c/code\u003e event. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50174\"\u003e#50174\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50177\"\u003e38\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50162\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50154\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003escreen.getCursorScreenPoint()\u003c/code\u003e crashed on Wayland when it was called before a \u003ccode\u003eBrowserWindow\u003c/code\u003e had been created. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50106\"\u003e#50106\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50104\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50105\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/9d2f8cb4da0d35e2daf7e7f60e35313b508cb224\"\u003e\u003ccode\u003e9d2f8cb\u003c/code\u003e\u003c/a\u003e refactor: remove dead named-window lookup from guest-window-manager (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50498\"\u003e#50498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/11730047394233e70743c52567e17f4c3b2dc9fc\"\u003e\u003ccode\u003e1173004\u003c/code\u003e\u003c/a\u003e fix: crash calling OSR shared texture release() after texture GC'd (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50499\"\u003e#50499\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/be37adefd08f882e3f1fb8403d2d9e92c3009d56\"\u003e\u003ccode\u003ebe37ade\u003c/code\u003e\u003c/a\u003e fix: crash in clipboard.readImage() on malformed image data (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50493\"\u003e#50493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/7007907df08d02da98f513dcbdb430ab51be59c7\"\u003e\u003ccode\u003e7007907\u003c/code\u003e\u003c/a\u003e chore: cherry-pick 3 changes from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50461\"\u003e#50461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/2c8b6ee0c0a7c26871dc0b320982afd8ed29df6c\"\u003e\u003ccode\u003e2c8b6ee\u003c/code\u003e\u003c/a\u003e chore: cherry-pick fbfb27470bf6 from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50436\"\u003e#50436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/4c64377ead6b53bc565d7793a2712e49882e5354\"\u003e\u003ccode\u003e4c64377\u003c/code\u003e\u003c/a\u003e chore: cherry-pick 50b057660b4d from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50440\"\u003e#50440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/0ef056130cde0c19c81ccfbc2932df6911765849\"\u003e\u003ccode\u003e0ef0561\u003c/code\u003e\u003c/a\u003e fix: read nodeIntegrationInWorker from per-frame WebPreferences (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50122\"\u003e#50122\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50\"\u003e#50\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/64373df3ca697bc6fe6e3ab1f463ba05beaf64cf\"\u003e\u003ccode\u003e64373df\u003c/code\u003e\u003c/a\u003e chore: cherry-pick 074d472db745 from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50443\"\u003e#50443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/13e44072be367f516cfad36f95d183765174f4bf\"\u003e\u003ccode\u003e13e4407\u003c/code\u003e\u003c/a\u003e fix: don't re-parse URL unnecessarily when handling dialogs (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50400\"\u003e#50400\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/16a038502a4ea0c79976be60bcc8f28a49f1ab99\"\u003e\u003ccode\u003e16a0385\u003c/code\u003e\u003c/a\u003e ci: output build cache hit rate as GHA annotation (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50369\"\u003e#50369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/electron/electron/compare/v23.1.2...v39.8.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack` from 5.82.1 to 5.104.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/releases\"\u003ewebpack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.104.1\u003c/h2\u003e\n\u003ch2\u003e5.104.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2efd21b: Reexports runtime calculation should not accessing \u003cstrong\u003eWEBPACK_IMPORT_KEY\u003c/strong\u003e decl with var.\u003c/li\u003e\n\u003cli\u003ec510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.104.0\u003c/h2\u003e\n\u003ch2\u003e5.104.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed3dd841: Use method shorthand to render module content in \u003ccode\u003e__webpack_modules__\u003c/code\u003e object.\u003c/li\u003e\n\u003cli\u003ed3dd841: Enhance \u003ccode\u003eimport.meta.env\u003c/code\u003e to support object access.\u003c/li\u003e\n\u003cli\u003e4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.\u003c/li\u003e\n\u003cli\u003e04cd530: Handle more at-rules for CSS modules.\u003c/li\u003e\n\u003cli\u003ecafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added \u003ccode\u003ebase64url\u003c/code\u003e, \u003ccode\u003ebase62\u003c/code\u003e, \u003ccode\u003ebase58\u003c/code\u003e, \u003ccode\u003ebase52\u003c/code\u003e, \u003ccode\u003ebase49\u003c/code\u003e, \u003ccode\u003ebase36\u003c/code\u003e, \u003ccode\u003ebase32\u003c/code\u003e and \u003ccode\u003ebase25\u003c/code\u003e digests.\u003c/li\u003e\n\u003cli\u003e5983843: Provide a stable runtime function variable \u003ccode\u003e__webpack_global__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Improved \u003ccode\u003elocalIdentName\u003c/code\u003e hashing for CSS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e22c48fb: Added module existence check for informative error message in development mode.\u003c/li\u003e\n\u003cli\u003e50689e1: Use the fully qualified class name (or export name) for \u003ccode\u003e[fullhash]\u003c/code\u003e placeholder in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Support universal lazy compilation.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed module library export definitions when multiple runtimes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed CSS nesting and CSS custom properties parsing.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't write fragment from URL to filename and apply fragment to module URL.\u003c/li\u003e\n\u003cli\u003eaab1da9: Fixed bugs for \u003ccode\u003ecss/global\u003c/code\u003e type.\u003c/li\u003e\n\u003cli\u003ed3dd841: Compatibility \u003ccode\u003eimport.meta.filename\u003c/code\u003e and \u003ccode\u003eimport.meta.dirname\u003c/code\u003e with \u003ccode\u003eeval\u003c/code\u003e devtools.\u003c/li\u003e\n\u003cli\u003ed3dd841: Handle nested \u003ccode\u003e__webpack_require__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e728ddb7: The speed of identifier parsing has been improved.\u003c/li\u003e\n\u003cli\u003e0f8b31b: Improve types.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't corrupt \u003ccode\u003edebugId\u003c/code\u003e injection when \u003ccode\u003ehidden-source-map\u003c/code\u003e is used.\u003c/li\u003e\n\u003cli\u003e2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Serialize \u003ccode\u003eHookWebpackError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added ability to use built-in properties in dotenv and define plugin.\u003c/li\u003e\n\u003cli\u003e3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.\u003c/li\u003e\n\u003cli\u003ed3dd841: Reduce collision for local indent name in CSS.\u003c/li\u003e\n\u003cli\u003ed3dd841: Remove CSS link tags when CSS imports are removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.103.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eDotenvPlugin\u003c/code\u003e and top level \u003ccode\u003edotenv\u003c/code\u003e option to enable this plugin\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eWebpackManifestPlugin\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdded support the \u003ccode\u003eignoreList\u003c/code\u003e option in devtool plugins\u003c/li\u003e\n\u003cli\u003eAllow to use custom javascript parse function\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/blob/main/CHANGELOG.md\"\u003ewebpack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.104.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2efd21b: Reexports runtime calculation should not accessing \u003cstrong\u003eWEBPACK_IMPORT_KEY\u003c/strong\u003e decl with var.\u003c/li\u003e\n\u003cli\u003ec510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.104.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed3dd841: Use method shorthand to render module content in \u003ccode\u003e__webpack_modules__\u003c/code\u003e object.\u003c/li\u003e\n\u003cli\u003ed3dd841: Enhance \u003ccode\u003eimport.meta.env\u003c/code\u003e to support object access.\u003c/li\u003e\n\u003cli\u003e4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.\u003c/li\u003e\n\u003cli\u003e04cd530: Handle more at-rules for CSS modules.\u003c/li\u003e\n\u003cli\u003ecafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added \u003ccode\u003ebase64url\u003c/code\u003e, \u003ccode\u003ebase62\u003c/code\u003e, \u003ccode\u003ebase58\u003c/code\u003e, \u003ccode\u003ebase52\u003c/code\u003e, \u003ccode\u003ebase49\u003c/code\u003e, \u003ccode\u003ebase36\u003c/code\u003e, \u003ccode\u003ebase32\u003c/code\u003e and \u003ccode\u003ebase25\u003c/code\u003e digests.\u003c/li\u003e\n\u003cli\u003e5983843: Provide a stable runtime function variable \u003ccode\u003e__webpack_global__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Improved \u003ccode\u003elocalIdentName\u003c/code\u003e hashing for CSS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e22c48fb: Added module existence check for informative error message in development mode.\u003c/li\u003e\n\u003cli\u003e50689e1: Use the fully qualified class name (or export name) for \u003ccode\u003e[fullhash]\u003c/code\u003e placeholder in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Support universal lazy compilation.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed module library export definitions when multiple runtimes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed CSS nesting and CSS custom properties parsing.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't write fragment from URL to filename and apply fragment to module URL.\u003c/li\u003e\n\u003cli\u003eaab1da9: Fixed bugs for \u003ccode\u003ecss/global\u003c/code\u003e type.\u003c/li\u003e\n\u003cli\u003ed3dd841: Compatibility \u003ccode\u003eimport.meta.filename\u003c/code\u003e and \u003ccode\u003eimport.meta.dirname\u003c/code\u003e with \u003ccode\u003eeval\u003c/code\u003e devtools.\u003c/li\u003e\n\u003cli\u003ed3dd841: Handle nested \u003ccode\u003e__webpack_require__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e728ddb7: The speed of identifier parsing has been improved.\u003c/li\u003e\n\u003cli\u003e0f8b31b: Improve types.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't corrupt \u003ccode\u003edebugId\u003c/code\u003e injection when \u003ccode\u003ehidden-source-map\u003c/code\u003e is used.\u003c/li\u003e\n\u003cli\u003e2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Serialize \u003ccode\u003eHookWebpackError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added ability to use built-in properties in dotenv and define plugin.\u003c/li\u003e\n\u003cli\u003e3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.\u003c/li\u003e\n\u003cli\u003ed3dd841: Reduce collision for local indent name in CSS.\u003c/li\u003e\n\u003cli\u003ed3dd841: Remove CSS link tags when CSS imports are removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/24e3c2d2c9f8c6d60810302b2ea70ed86e2863dc\"\u003e\u003ccode\u003e24e3c2d\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20253\"\u003e#20253\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/2efd21b0b06baa9b1a7f009b336379dcef24c1a5\"\u003e\u003ccode\u003e2efd21b\u003c/code\u003e\u003c/a\u003e fix(re-exports): reexports runtime calculation should not accessing `__WEBPAC...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/c5100702335a9cdcb75558ccd80def2329bd4abf\"\u003e\u003ccode\u003ec510070\u003c/code\u003e\u003c/a\u003e fix(security): userinfo bypass vulnerability in HttpUriPlugin allowedUris\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/4b0501c69700963bad1285b56f9cfa74704cb963\"\u003e\u003ccode\u003e4b0501c\u003c/code\u003e\u003c/a\u003e ci: fix release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20252\"\u003e#20252\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/0c213cecf2906bc41102c3a4cfdd1ad3522d0171\"\u003e\u003ccode\u003e0c213ce\u003c/code\u003e\u003c/a\u003e ci: use \u003ccode\u003e\\\u0026lt;@\u0026amp;1450591255485743204\u0026gt;\u003c/code\u003e over \u003ccode\u003e@here\u003c/code\u003e for discord notificationw\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/5bf8bc51bcfb49d25b73aae450b246cd8b8b423a\"\u003e\u003ccode\u003e5bf8bc5\u003c/code\u003e\u003c/a\u003e refactor: types for benchmarks and tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/505a5e744fbcf4471ddb534bf1d4aebea9643c1b\"\u003e\u003ccode\u003e505a5e7\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20188\"\u003e#20188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/0c066808d59e4f9406e11bab4ffa2e0feacbd0e2\"\u003e\u003ccode\u003e0c06680\u003c/code\u003e\u003c/a\u003e refactor: update eslint configuration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/2eb0d6a410513960bd7d65bf15baf15704a612eb\"\u003e\u003ccode\u003e2eb0d6a\u003c/code\u003e\u003c/a\u003e ci: release announcement (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20238\"\u003e#20238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/b2b24590a08755b706d2009ca97a226addf9e83b\"\u003e\u003ccode\u003eb2b2459\u003c/code\u003e\u003c/a\u003e ci: cancel in progress (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20239\"\u003e#20239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack/compare/v5.82.1...v5.104.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 4.15.0 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.1...v5.2.2\"\u003e5.2.2\u003c/a\u003e (2025-06-03)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u0026quot;Overlay enabled\u0026quot; false positive (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/18e72ee3e57a6e7598a6c068c0ff7c7bb6a857f1\"\u003e18e72ee\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not crush when error is null for runtime errors (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5447\"\u003e#5447\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/309991f947baa0354140b9930a9654ac792e20c4\"\u003e309991f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove unnecessary header \u003ccode\u003eX_TEST\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5451\"\u003e#5451\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/64a6124bf1b4d158bb42a4341dd03121ae3759fa\"\u003e64a6124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erespect the \u003ccode\u003eallowedHosts\u003c/code\u003e option for cross-origin header check (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5510\"\u003e#5510\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/03d12141bf7be09dfb14e91e5c834ee63bd9a9a2\"\u003e03d1214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.0...v6.0.0\"\u003e5.2.1\u003c/a\u003e (2025-03-26)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecross-origin requests are not allowed unless allowed by \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header\u003c/li\u003e\n\u003cli\u003erequests with an IP addresses in the \u003ccode\u003eOrigin\u003c/code\u003e header are not allowed to connect to WebSocket server unless configured by \u003ccode\u003eallowedHosts\u003c/code\u003e or it different from the \u003ccode\u003eHost\u003c/code\u003e header\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eprevent overlay for errors caught by React error boundaries (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5431\"\u003e#5431\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/8c1abc903ab444d9ce99e567b9a6c603e1ec06be\"\u003e8c1abc9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etake the first network found instead of the last one, this restores the same behavior as 5.0.4 (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5411\"\u003e#5411\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ffd0b86b790d372f90e17aea92cfd9def83fee96\"\u003effd0b86\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.1.0...v5.2.0\"\u003e5.2.0\u003c/a\u003e (2024-12-11)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadded \u003ccode\u003egetClientEntry\u003c/code\u003e and \u003ccode\u003egetClientHotEntry\u003c/code\u003e methods to get clients entries (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/dc642a832d45c23c5c7a08fbf29995e0db7e0d95\"\u003edc642a8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v4.15.0...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `immutable` from 4.0.0-rc.12 to 4.3.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/immutable-js/immutable-js/releases\"\u003eimmutable's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.3.8\u003c/h2\u003e\n\u003cp\u003eFix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable\u003c/p\u003e\n\u003ch2\u003ev4.3.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix issue with slice negative of filtered sequence by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2006\"\u003eimmutable-js/immutable-js#2006\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/immutable-js/immutable-js/compare/v4.3.6...v4.3.7\"\u003ehttps://github.com/immutable-js/immutable-js/compare/v4.3.6...v4.3.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.3.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix Repeat(\u003c!-- raw HTML omitted --\u003e).equals(undefined) incorrectly returning true by \u003ca href=\"https://github.com/butchler\"\u003e\u003ccode\u003e@​butchler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1994\"\u003eimmutable-js/immutable-js#1994\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternals\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echange youtube image by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1973\"\u003eimmutable-js/immutable-js#1973\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade eslint and ignore no-constructor-return rule for actual constructors by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1974\"\u003eimmutable-js/immutable-js#1974\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrate documentation website to next 14 by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1975\"\u003eimmutable-js/immutable-js#1975\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estart migrating to nextjs app router by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1976\"\u003eimmutable-js/immutable-js#1976\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade next sitemap by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1978\"\u003eimmutable-js/immutable-js#1978\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/butchler\"\u003e\u003ccode\u003e@​butchler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1994\"\u003eimmutable-js/immutable-js#1994\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/immutable-js/immutable-js/compare/v4.3.5...v4.3.6\"\u003ehttps://github.com/immutable-js/immutable-js/compare/v4.3.5...v4.3.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.3.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix Set.fromKeys types with Map constructor in TS 5.0 by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1971\"\u003eimmutable-js/immutable-js#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupgrade to TS 5.1 by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1972\"\u003eimmutable-js/immutable-js#1972\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix dist-stats command by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1964\"\u003eimmutable-js/immutable-js#1964\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix Read the Docs link on readme by \u003ca href=\"https://github.com/joshding\"\u003e\u003ccode\u003e@​joshding\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1970\"\u003eimmutable-js/immutable-js#1970\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joshding\"\u003e\u003ccode\u003e@​joshding\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1970\"\u003eimmutable-js/immutable-js#1970\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/immutable-js/immutable-js/compare/v4.3.4...v4.3.5\"\u003ehttps://github.com/immutable-js/immutable-js/compare/v4.3.4...v4.3.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.3.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRollback toJS type due to circular reference error by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1958\"\u003eimmutable-js/immutable-js#1958\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/immutable-js/immutable-js/compare/v4.3.3...v4.3.4\"\u003ehttps://github.com/immutable-js/immutable-js/compare/v4.3.3...v4.3.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.3.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[typescript] manage to handle toJS circular reference. \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/1932\"\u003e#1932\u003c/a\u003e by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md\"\u003eimmutable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\nDates are formatted as YYYY-MM-DD.\u003c/p\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch2\u003e5.1.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate some files to TS by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2125\"\u003eimmutable-js/immutable-js#2125\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eIterator.ts\u003c/li\u003e\n\u003cli\u003ePairSorting.ts\u003c/li\u003e\n\u003cli\u003etoJS.ts\u003c/li\u003e\n\u003cli\u003eMath.ts\u003c/li\u003e\n\u003cli\u003eHash.ts\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eExtract CollectionHelperMethods and convert to TS by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2131\"\u003eimmutable-js/immutable-js#2131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse npm \u003ca href=\"https://docs.npmjs.com/trusted-publishers\"\u003etrusted publishing only\u003c/a\u003e to avoid token stealing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix/a11y issues by \u003ca href=\"https://github.com/lyannel\"\u003e\u003ccode\u003e@​lyannel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2136\"\u003eimmutable-js/immutable-js#2136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDoc add Map.get signature update by \u003ca href=\"https://github.com/borracciaBlu\"\u003e\u003ccode\u003e@​borracciaBlu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2138\"\u003eimmutable-js/immutable-js#2138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(doc):minor-issues#2132 by \u003ca href=\"https://github.com/JayMeDotDot\"\u003e\u003ccode\u003e@​JayMeDotDot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2133\"\u003eimmutable-js/immutable-js#2133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix algolia search by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2135\"\u003eimmutable-js/immutable-js#2135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTypo in OrderedMap by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2144\"\u003eimmutable-js/immutable-js#2144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: Sort all imports and activate eslint import rule by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2119\"\u003eimmutable-js/immutable-js#2119\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.3\u003c/h2\u003e\n\u003ch3\u003eTypeScript\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: allow readonly map entry constructor by \u003ca href=\"https://github.com/septs\"\u003e\u003ccode\u003e@​septs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2123\"\u003eimmutable-js/immutable-js#2123\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cp\u003eThere has been a huge amount of changes in the documentation, mainly migrate from an autogenerated documentation from .d.ts file, to a proper documentation in markdown.\nThe playground has been included on nearly all method examples.\nWe added a page about browser extensions too: \u003ca href=\"https://immutable-js.com/browser-extension/\"\u003ehttps://immutable-js.com/browser-extension/\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/485cbe0edf3ca7bb4b9c4a80ac55ba937a291da0\"\u003e\u003ccode\u003e485cbe0\u003c/code\u003e\u003c/a\u003e 4.3.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/6ed4eb626906df788b08019061b292b90bc718cb\"\u003e\u003ccode\u003e6ed4eb6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/94bcd3c79972db4afffd8d1e5aab415880098b05\"\u003e\u003ccode\u003e94bcd3c\u003c/code\u003e\u003c/a\u003e fix new proto key injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/faeb58b0cc71ed351dc51f672a95ae21bc859ef5\"\u003e\u003ccode\u003efaeb58b\u003c/code\u003e\u003c/a\u003e fix Prototype Pollution in mergeDeep, toJS, etc.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/37ca4170060827e5f4eaa1969d1b61e5dc5eb11d\"\u003e\u003ccode\u003e37ca417\u003c/code\u003e\u003c/a\u003e release 4.3.7 (\u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/issues/2007\"\u003e#2007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/23daf26b51ecc2805dcd9ac8534ce523397f9b62\"\u003e\u003ccode\u003e23daf26\u003c/code\u003e\u003c/a\u003e Fix issue with slice negative of filtered sequence (\u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/issues/2006\"\u003e#2006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/493afba6ec17d9c999dc5a15ac80c71c6bdba1c3\"\u003e\u003ccode\u003e493afba\u003c/code\u003e\u003c/a\u003e release 4.3.6 (\u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/issues/1997\"\u003e#1997\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/be3cb9a7ae9a29f82c9d0c595f5f3cb957d7006c\"\u003e\u003ccode\u003ebe3cb9a\u003c/code\u003e\u003c/a\u003e Fix Repeat(\u0026lt;value\u0026gt;).equals(undefined) incorrectly returning true (\u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/issues/1994\"\u003e#1994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/d7664bf9d3539da8ea095f2ed08bbe1cd0d46071\"\u003e\u003ccode\u003ed7664bf\u003c/code\u003e\u003c/a\u003e generate sitemap in path that will be deployed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/f8327b1db0bb131df8a830cf14642f6ad07ca466\"\u003e\u003ccode\u003ef8327b1\u003c/code\u003e\u003c/a\u003e upgrade next sitemap (\u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/issues/1978\"\u003e#1978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/immutable-js/immutable-js/compare/v4.0.0-rc.12...v4.3.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for immutable since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@tootallnate/once` from 2.0.0 to 2.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/releases\"\u003e@​tootallnate/once's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/blob/v2.0.1/CHANGELOG.md\"\u003e@​tootallnate/once's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/bcbb21d387e5fb2d0bf8ec2fd8d0ac97d4553241\"\u003e\u003ccode\u003ebcbb21d\u003c/code\u003e\u003c/a\u003e ci: fix OIDC publishing — Node 24, npm latest, provenance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/dc24387be8e3405f1e7c911caf76c87b72a0e145\"\u003e\u003ccode\u003edc24387\u003c/code\u003e\u003c/a\u003e Version Packages (2.x) (\u003ca href=\"https://redirect.github.com/TooTallNate/once/issues/12\"\u003e#12\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/b8a6f80afcfd2482b4bdb1e29d784340a05e0ce3\"\u003e\u003ccode\u003eb8a6f80\u003c/code\u003e\u003c/a\u003e CI: test all Node versions on Linux only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/dabcc0fb6202663cd83994f0a21ea1c710395327\"\u003e\u003ccode\u003edabcc0f\u003c/code\u003e\u003c/a\u003e ci: drop EOL Node.js 14.x/16.x, add 22.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/b464efcf4238d92590245b4d211d2fc05a94d28a\"\u003e\u003ccode\u003eb464efc\u003c/code\u003e\u003c/a\u003e Update CI: modern Node versions, fix macOS ARM64 compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/a1e5e2d784bcd1c65e49fac1524c6c94fe81f871\"\u003e\u003ccode\u003ea1e5e2d\u003c/code\u003e\u003c/a\u003e Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/TooTallNate/once/compare/2.0.0...v2.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​tootallnate/once\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-xml-parser` from 3.19.0 to 3.21.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md\"\u003efast-xml-parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.21.1 / 2021-10-31\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCorrectly format JSON elements with a text prop but no attribute props ( By \u003ca href=\"https://github.com/haddadnj\"\u003ehaddadnj\u003c/a\u003e )\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.21.0 / 2021-10-25\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efeat: added option \u003ccode\u003erootNodeName\u003c/code\u003e to set tag name for array input when converting js object to XML.\u003c/li\u003e\n\u003cli\u003efeat: added option \u003ccode\u003ealwaysCreateTextNode\u003c/code\u003e to force text node creation (by: \u003cem\u003e\u003ca href=\"https://github.com/massimo-ua\"\u003e\u003ccode\u003e@​massimo-ua\u003c/code\u003e\u003c/a\u003e\u003c/em\u003e)\u003c/li\u003e\n\u003cli\u003e⚠️ feat: Better error location for unclosed tags. (by \u003cem\u003e\u003ca href=\"https://github.com/Gei0r\"\u003e\u003ccode\u003e@​Gei0r\u003c/code\u003e\u003c/a\u003e\u003c/em\u003e)\n\u003cul\u003e\n\u003cli\u003eSome error messages would be changed when validating XML. Eg\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e{ InvalidXml: \u0026quot;Invalid '[    \\\u0026quot;rootNode\\\u0026quot;]' found.\u0026quot; }\u003c/code\u003e → \u003ccode\u003e{InvalidTag: \u0026quot;Unclosed tag 'rootNode'.\u0026quot;}\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e{ InvalidTag: \u0026quot;Closing tag 'rootNode' is expected inplace of 'rootnode'.\u0026quot; }\u003c/code\u003e → \u003ccode\u003e{ InvalidTag: \u0026quot;Expected closing tag 'rootNode' (opened in line 1) instead of closing tag 'rootnode'.\u0026quot;}\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e⚠️ feat: Column in error response when validating XML\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e{\n  \u0026quot;code\u0026quot;: \u0026quot;InvalidAttr\u0026quot;,\n  \u0026quot;msg\u0026quot;:  \u0026quot;Attribute 'abc' is repeated.\u0026quot;,\n  \u0026quot;line\u0026quot;: 1,\n  \u0026quot;col\u0026quot;: 22\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e3.20.1 / 2021-09-25\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eupdate strnum package\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.20.0 / 2021-09-10\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse strnum npm package to parse string to number\n\u003cul\u003e\n\u003cli\u003ebreaking change: long number will be parsed to scientific notation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/dccf7febf2e73043d1aa8cb7e061134939d58f66\"\u003e\u003ccode\u003edccf7fe\u003c/code\u003e\u003c/a\u003e fix: JSON format for tags with text but no attribute\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/3eb1def561016cec9c1d249b4b4c2e25821900ee\"\u003e\u003ccode\u003e3eb1def\u003c/code\u003e\u003c/a\u003e Correctly format JSON elements with a text prop but no attribute props (\u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/387\"\u003e#387\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/a61686982a4d1332ee93a4b810b1cd5b13a4a804\"\u003e\u003ccode\u003ea616869\u003c/code\u003e\u003c/a\u003e fix: make \u003ccode\u003enyc\u003c/code\u003e a devDep (\u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/386\"\u003e#386\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/75c20fed6bc8338e388871d6e1aad7274f1f6f61\"\u003e\u003ccode\u003e75c20fe\u003c/code\u003e\u003c/a\u003e Create Docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/2c4c5e5b7057457736dfaef02e286ea707045696\"\u003e\u003ccode\u003e2c4c5e5\u003c/code\u003e\u003c/a\u003e fix github build for coverage path\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/75947c4c6bd837384b9b25a816387cdb51426227\"\u003e\u003ccode\u003e75947c4\u003c/code\u003e\u003c/a\u003e update checklist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/c05b37cf86c95deb3b8dd1ed1acedd9cdd424af8\"\u003e\u003ccode\u003ec05b37c\u003c/code\u003e\u003c/a\u003e update browser bundles\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/01727d00021ef865670a3edda1326f388af71543\"\u003e\u003ccode\u003e01727d0\u003c/code\u003e\u003c/a\u003e update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/71616d6e8fe4b793deda25ed70117c7e8bda9847\"\u003e\u003ccode\u003e71616d6\u003c/code\u003e\u003c/a\u003e update package detail\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/a85b3778db8d095987b7dd17bcabd1cb21b986ab\"\u003e\u003ccode\u003ea85b377\u003c/code\u003e\u003c/a\u003e (feat) option set tag name for input js obj when converts to XML\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/3.19.0...v3.21.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.2.7 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commi...\n\n_Description has been truncated_","html_url":"https://github.com/1042422227/react/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/1042422227%2Freact/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"}},{"old_version":"3.2.2","new_version":"3.2.3","update_type":"patch","path":null,"pr_created_at":"2026-05-22T05:34:14.000Z","version_change":"3.2.2 → 3.2.3","issue":{"uuid":"4500126251","node_id":"PR_kwDOE6qmMc7eN5Be","number":15,"state":"closed","title":"Bump the npm_and_yarn group across 9 directories with 19 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-24T23:51:29.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T05:34:14.000Z","updated_at":"2026-05-24T23:51:31.000Z","time_to_close":238635,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":19,"packages":[{"name":"browserstack-local","old_version":"1.4.0","new_version":"1.5.9","repository_url":"https://github.com/browserstack/browserstack-local-nodejs"},{"name":"express","old_version":"4.17.0","new_version":"4.22.0","repository_url":"https://github.com/expressjs/express"},{"name":"minimatch","old_version":"3.0.4","new_version":"3.1.4","repository_url":"https://github.com/isaacs/minimatch"},{"name":"pnpm","old_version":"5.14.3","new_version":"10.28.2","repository_url":"https://github.com/pnpm/pnpm"},{"name":"tar","old_version":"4.4.10","new_version":"7.5.11","repository_url":"https://github.com/isaacs/node-tar"},{"name":"devalue","old_version":"2.0.1","new_version":"5.8.1","repository_url":"https://github.com/sveltejs/devalue"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.12.1","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"bn.js","old_version":"4.11.9","new_version":"5.2.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"follow-redirects","old_version":"1.9.0","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"handlebars","old_version":"4.5.3","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"js-yaml","old_version":"3.13.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"picomatch","old_version":"2.2.2","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"2.35.1","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"tar-fs","old_version":"2.0.0","new_version":"2.1.4","repository_url":"https://github.com/mafintosh/tar-fs"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 15 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [browserstack-local](https://github.com/browserstack/browserstack-local-nodejs) | `1.4.0` | `1.5.9` |\n| [express](https://github.com/expressjs/express) | `4.17.0` | `4.22.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.4` |\n| [pnpm](https://github.com/pnpm/pnpm/tree/HEAD/pnpm) | `5.14.3` | `10.28.2` |\n| [tar](https://github.com/isaacs/node-tar) | `4.4.10` | `7.5.11` |\n| [devalue](https://github.com/sveltejs/devalue) | `2.0.1` | `5.8.1` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.12.1` | `7.29.4` |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `5.2.3` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.9.0` | `1.16.0` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.5.3` | `4.7.9` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.13.1` | `3.14.2` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.2.2` | `2.3.2` |\n| [rollup](https://github.com/rollup/rollup) | `2.35.1` | `2.80.0` |\n| [tar-fs](https://github.com/mafintosh/tar-fs) | `2.0.0` | `2.1.4` |\n\nBumps the npm_and_yarn group with 1 update in the /examples/api-routes-rate-limit directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/using-preact directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-firebase-authentication directory: [js-cookie](https://github.com/js-cookie/js-cookie).\nBumps the npm_and_yarn group with 1 update in the /examples/with-mongodb-mongoose directory: [mongoose](https://github.com/Automattic/mongoose).\nBumps the npm_and_yarn group with 1 update in the /examples/with-next-translate directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-paste-typescript directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-storybook-styled-jsx-scss directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-three-js directory: [next](https://github.com/vercel/next.js).\n\nUpdates `browserstack-local` from 1.4.0 to 1.5.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/releases\"\u003ebrowserstack-local's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eChanged local binary paths to support LocalBinary 7.3. Fixed folder argument.\u003c/h2\u003e\n\u003cp\u003eChanged local binary paths to support LocalBinary 7.3.\nFixed folder argument when building browserstack local arguments.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/f11c8ea6af74397e113bee17a170d2a62c8bce08\"\u003e\u003ccode\u003ef11c8ea\u003c/code\u003e\u003c/a\u003e 1.5.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/8c461a517ef8b274e28ae008d15ccc738ce8db83\"\u003e\u003ccode\u003e8c461a5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/browserstack/browserstack-local-nodejs/issues/169\"\u003e#169\u003c/a\u003e from browserstack/LOC-6480\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/ee24820b591123c5ebde347639da4b2f54841e5a\"\u003e\u003ccode\u003eee24820\u003c/code\u003e\u003c/a\u003e use writeFileSync instead of echo to clear the logfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/440aa806810347033b641a09cc24704f115e7448\"\u003e\u003ccode\u003e440aa80\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/browserstack/browserstack-local-nodejs/issues/163\"\u003e#163\u003c/a\u003e from browserstack/release_1.5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/125b8f1d3b946d23c686d38e60e365d2200992b6\"\u003e\u003ccode\u003e125b8f1\u003c/code\u003e\u003c/a\u003e 1.5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/3eeca3f1e505032c7cacc691684432c1348006d0\"\u003e\u003ccode\u003e3eeca3f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/browserstack/browserstack-local-nodejs/issues/162\"\u003e#162\u003c/a\u003e from browserstack/download_source_from_specified_host\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/17a583ae8ccddce15d48150b5bb134614913e0bf\"\u003e\u003ccode\u003e17a583a\u003c/code\u003e\u003c/a\u003e refactor into utility methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/4c0de9ded45228b163573a8a1293576bbfc2afc3\"\u003e\u003ccode\u003e4c0de9d\u003c/code\u003e\u003c/a\u003e Request download source from specified host\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/3b190ed2033a0ddaa1580d1289ef6fbc72f09842\"\u003e\u003ccode\u003e3b190ed\u003c/code\u003e\u003c/a\u003e 1.5.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/56d7b62e8a1e5b2a4eb121b3ebad0eb1e9ce976f\"\u003e\u003ccode\u003e56d7b62\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/browserstack/browserstack-local-nodejs/issues/161\"\u003e#161\u003c/a\u003e from browserstack/Change_Binary_Download_Distribution\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/compare/v1.4.0...v1.5.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~browserstack-admin\"\u003ebrowserstack-admin\u003c/a\u003e, a new releaser for browserstack-local since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `express` from 4.17.0 to 4.22.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/releases\"\u003eexpress's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.22.0\u003c/h2\u003e\n\u003ch2\u003eImportant: Security\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor: improve readability by \u003ca href=\"https://github.com/sazk07\"\u003e\u003ccode\u003e@​sazk07\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6190\"\u003eexpressjs/express#6190\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add support for Node.js@23.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6080\"\u003eexpressjs/express#6080\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMethod functions with no path should error by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5957\"\u003eexpressjs/express#5957\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: updated github actions ci workflow by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6323\"\u003eexpressjs/express#6323\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: reorder \u003ccode\u003enpm i\u003c/code\u003e steps to fix ci for older node versions by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6336\"\u003eexpressjs/express#6336\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport: ci: add node.js 24 to test matrix by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6506\"\u003eexpressjs/express#6506\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(4.x): wider range for query test skip by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6513\"\u003eexpressjs/express#6513\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse tilde notation for certain dependencies by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6905\"\u003eexpressjs/express#6905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6909\"\u003eexpressjs/express#6909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for \u003ccode\u003eqs\u003c/code\u003e by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6919\"\u003eexpressjs/express#6919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.22.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6921\"\u003eexpressjs/express#6921\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.2...4.22.0\"\u003ehttps://github.com/expressjs/express/compare/4.21.2...4.22.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd funding field (v4) by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6065\"\u003eexpressjs/express#6065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.11 by \u003ca href=\"https://github.com/blakeembrey\"\u003e\u003ccode\u003e@​blakeembrey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5956\"\u003eexpressjs/express#5956\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: bump path-to-regexp@0.1.12 by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6209\"\u003eexpressjs/express#6209\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.21.2 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6094\"\u003eexpressjs/express#6094\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.1...4.21.2\"\u003ehttps://github.com/expressjs/express/compare/4.21.1...4.21.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport a fix for CVE-2024-47764 to the 4.x branch by \u003ca href=\"https://github.com/joshbuker\"\u003e\u003ccode\u003e@​joshbuker\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6029\"\u003eexpressjs/express#6029\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.21.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6031\"\u003eexpressjs/express#6031\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.0...4.21.1\"\u003ehttps://github.com/expressjs/express/compare/4.21.0...4.21.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003e\u0026quot;back\u0026quot;\u003c/code\u003e magic string in redirects by \u003ca href=\"https://github.com/blakeembrey\"\u003e\u003ccode\u003e@​blakeembrey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5935\"\u003eexpressjs/express#5935\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efinalhandler@1.3.1 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5954\"\u003eexpressjs/express#5954\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): serve-static@1.16.2 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5951\"\u003eexpressjs/express#5951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgraded dependency qs to 6.13.0 to match qs in body-parser by \u003ca href=\"https://github.com/agadzinski93\"\u003e\u003ccode\u003e@​agadzinski93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5946\"\u003eexpressjs/express#5946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agadzinski93\"\u003e\u003ccode\u003e@​agadzinski93\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5946\"\u003eexpressjs/express#5946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/blob/4.22.0/History.md\"\u003eexpress's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.22.0 / 2025-12-01\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for dependencies\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.2 / 2024-11-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.12\n\u003cul\u003e\n\u003cli\u003eFix backtracking protection\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.11\n\u003cul\u003e\n\u003cli\u003eThrows an error on invalid path values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.1 / 2024-10-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBackported a fix for \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2024-47764\"\u003eCVE-2024-47764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.0 / 2024-09-11\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eres.location(\u0026quot;back\u0026quot;)\u003c/code\u003e and \u003ccode\u003eres.redirect(\u0026quot;back\u0026quot;)\u003c/code\u003e magic string\u003c/li\u003e\n\u003cli\u003edeps: serve-static@1.16.2\n\u003cul\u003e\n\u003cli\u003eincludes send@0.19.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: finalhandler@1.3.1\u003c/li\u003e\n\u003cli\u003edeps: qs@6.13.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.20.0 / 2024-09-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: serve-static@0.16.0\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: send@0.19.0\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: body-parser@0.6.0\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003edepth\u003c/code\u003e option to customize the depth level in the parser\u003c/li\u003e\n\u003cli\u003eIMPORTANT: The default \u003ccode\u003edepth\u003c/code\u003e level for parsing URL-encoded data is now \u003ccode\u003e32\u003c/code\u003e (previously was \u003ccode\u003eInfinity\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove link renderization in html while using \u003ccode\u003eres.redirect\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.10\n\u003cul\u003e\n\u003cli\u003eAdds support for named matching groups in the routes using a regex\u003c/li\u003e\n\u003cli\u003eAdds backtracking protection to parameters without regexes defined\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: encodeurl@~2.0.0\n\u003cul\u003e\n\u003cli\u003eRemoves encoding of \u003ccode\u003e\\\u003c/code\u003e, \u003ccode\u003e|\u003c/code\u003e, and \u003ccode\u003e^\u003c/code\u003e to align better with URL spec\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDeprecate passing \u003ccode\u003eoptions.maxAge\u003c/code\u003e and \u003ccode\u003eoptions.expires\u003c/code\u003e to \u003ccode\u003eres.clearCookie\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eWill be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.19.2 / 2024-03-25\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/49744abd1120484fe64d7bde1cd3197c32523b6e\"\u003e\u003ccode\u003e49744ab\u003c/code\u003e\u003c/a\u003e 4.22.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6921\"\u003e#6921\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/6e97452f600a3b01719fbc5517d833c7646b0bb7\"\u003e\u003ccode\u003e6e97452\u003c/code\u003e\u003c/a\u003e sec: security patch for CVE-2024-51999\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/6a23d34d652b9e69a4486d2a2a0dea54b9685fa5\"\u003e\u003ccode\u003e6a23d34\u003c/code\u003e\u003c/a\u003e deps: use tilde notation for \u003ccode\u003eqs\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6919\"\u003e#6919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/8c12cdf93b89a4628b59179e3cc0722fc517d6b3\"\u003e\u003ccode\u003e8c12cdf\u003c/code\u003e\u003c/a\u003e deps: qs@6.14.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6909\"\u003e#6909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/7fea74fcf02764580f38f2a7f1932dfa54cddd90\"\u003e\u003ccode\u003e7fea74f\u003c/code\u003e\u003c/a\u003e deps: use tilde notation for certain dependencies (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6905\"\u003e#6905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/dac7a0475a99e9dfc57b3b8e6d5bdf52813f1944\"\u003e\u003ccode\u003edac7a04\u003c/code\u003e\u003c/a\u003e chore: wider range for query test skip (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6513\"\u003e#6513\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/997919b48879bbd53171c3b4e5dd1b04ad139241\"\u003e\u003ccode\u003e997919b\u003c/code\u003e\u003c/a\u003e ci: add node.js 24 to test matrix (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6506\"\u003e#6506\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/36fb59c6c7d9dfca0b08dfeafb5b6e4a249234a1\"\u003e\u003ccode\u003e36fb59c\u003c/code\u003e\u003c/a\u003e fix(ci): reorder \u003ccode\u003enpm i\u003c/code\u003e steps to fix ci for older node versions (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6336\"\u003e#6336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/3a5edfaff06f1a2c7079b08d0635108b371eddfd\"\u003e\u003ccode\u003e3a5edfa\u003c/code\u003e\u003c/a\u003e fix(ci): updated github actions ci workflow (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6323\"\u003e#6323\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/52d978119a7af27667cce5d99ac0739dc269d818\"\u003e\u003ccode\u003e52d9781\u003c/code\u003e\u003c/a\u003e fix(test): add test for method routes without paths \u003ca href=\"https://redirect.github.com/expressjs/express/issues/5955\"\u003e#5955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/express/compare/4.17.0...4.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for express since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.0.4 to 3.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9c31b2d4e0af72a6c2d2d62c5dbc2247da669802\"\u003e\u003ccode\u003e9c31b2d\u003c/code\u003e\u003c/a\u003e update test expectations for coalesced consecutive stars\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/46fe687857cf02f6cf45469cc593b97e11b10c96\"\u003e\u003ccode\u003e46fe687\u003c/code\u003e\u003c/a\u003e coalesce consecutive non-globstar * characters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/5a9ccbda64befc5d94b965534dbea2853c92aebd\"\u003e\u003ccode\u003e5a9ccbd\u003c/code\u003e\u003c/a\u003e [meta] update publishConfig.tag to legacy-v3\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pnpm` from 5.14.3 to 10.28.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pnpm/pnpm/releases\"\u003epnpm's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epnpm 10.28.2\u003c/h2\u003e\n\u003ch2\u003ePatch Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSecurity fix: prevent path traversal in \u003ccode\u003edirectories.bin\u003c/code\u003e field.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWhen pnpm installs a \u003ccode\u003efile:\u003c/code\u003e or \u003ccode\u003egit:\u003c/code\u003e dependency, it now validates that symlinks point within the package directory. Symlinks to paths outside the package root are skipped to prevent local data from being leaked into \u003ccode\u003enode_modules\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eThis fixes a security issue where a malicious package could create symlinks to sensitive files (e.g., \u003ccode\u003e/etc/passwd\u003c/code\u003e, \u003ccode\u003e~/.ssh/id_rsa\u003c/code\u003e) and have their contents copied when the package is installed.\u003c/p\u003e\n\u003cp\u003eNote: This only affects \u003ccode\u003efile:\u003c/code\u003e and \u003ccode\u003egit:\u003c/code\u003e dependencies. Registry packages (npm) have symlinks stripped during publish and are not affected.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed optional dependencies to request full metadata from the registry to get the \u003ccode\u003elibc\u003c/code\u003e field, which is required for proper platform compatibility checks \u003ca href=\"https://redirect.github.com/pnpm/pnpm/issues/9950\"\u003e#9950\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePlatinum Sponsors\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eGold Sponsors\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pnpm/pnpm/blob/v10.28.2/pnpm/CHANGELOG.md\"\u003epnpm's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.28.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSecurity fix: prevent path traversal in \u003ccode\u003edirectories.bin\u003c/code\u003e field.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWhen pnpm installs a \u003ccode\u003efile:\u003c/code\u003e or \u003ccode\u003egit:\u003c/code\u003e dependency, it now validates that symlinks point within the package directory. Symlinks to paths outside the package root are skipped to prevent local data from being leaked into \u003ccode\u003enode_modules\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eThis fixes a security issue where a malicious package could create symlinks to sensitive files (e.g., \u003ccode\u003e/etc/passwd\u003c/code\u003e, \u003ccode\u003e~/.ssh/id_rsa\u003c/code\u003e) and have their contents copied when the package is installed.\u003c/p\u003e\n\u003cp\u003eNote: This only affects \u003ccode\u003efile:\u003c/code\u003e and \u003ccode\u003egit:\u003c/code\u003e dependencies. Registry packages (npm) have symlinks stripped during publish and are not affected.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed optional dependencies to request full metadata from the registry to get the \u003ccode\u003elibc\u003c/code\u003e field, which is required for proper platform compatibility checks \u003ca href=\"https://redirect.github.com/pnpm/pnpm/issues/9950\"\u003e#9950\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.28.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed installation of config dependencies from private registries.\u003c/p\u003e\n\u003cp\u003eAdded support for object type in \u003ccode\u003econfigDependencies\u003c/code\u003e when the tarball URL returned from package metadata differs from the computed URL \u003ca href=\"https://redirect.github.com/pnpm/pnpm/pull/10431\"\u003e#10431\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix path traversal vulnerability in binary fetcher ZIP extraction\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eValidate ZIP entry paths before extraction to prevent writing files outside target directory\u003c/li\u003e\n\u003cli\u003eValidate BinaryResolution.prefix (basename) to prevent directory escape via crafted prefix\u003c/li\u003e\n\u003cli\u003eBoth attack vectors now throw \u003ccode\u003eERR_PNPM_PATH_TRAVERSAL\u003c/code\u003e error\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport plain \u003ccode\u003ehttp://\u003c/code\u003e and \u003ccode\u003ehttps://\u003c/code\u003e URLs ending with \u003ccode\u003e.git\u003c/code\u003e as git repository dependencies.\u003c/p\u003e\n\u003cp\u003ePreviously, URLs like \u003ccode\u003ehttps://gitea.example.org/user/repo.git#commit\u003c/code\u003e were not recognized as git repositories because they lacked the \u003ccode\u003egit+\u003c/code\u003e prefix (e.g., \u003ccode\u003egit+https://\u003c/code\u003e). This caused issues when installing dependencies from self-hosted git servers like Gitea or Forgejo that don't provide tarball downloads.\u003c/p\u003e\n\u003cp\u003eChanges:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe git resolver now runs before the tarball resolver, ensuring git URLs are handled by the correct resolver\u003c/li\u003e\n\u003cli\u003eThe git resolver now recognizes plain \u003ccode\u003ehttp://\u003c/code\u003e and \u003ccode\u003ehttps://\u003c/code\u003e URLs ending in \u003ccode\u003e.git\u003c/code\u003e as git repositories\u003c/li\u003e\n\u003cli\u003eRemoved the \u003ccode\u003eisRepository\u003c/code\u003e check from the tarball resolver since it's no longer needed with the new resolver order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFixes \u003ca href=\"https://github.com/pnpm/pnpm/tree/HEAD/pnpm/issues/10468\"\u003e#10468\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003epnpm run -r\u003c/code\u003e and \u003ccode\u003epnpm run --filter\u003c/code\u003e now fail with a non-zero exit code when no packages have the specified script. Previously, this only failed when all packages were selected. Use \u003ccode\u003e--if-present\u003c/code\u003e to suppress this error \u003ca href=\"https://redirect.github.com/pnpm/pnpm/issues/6844\"\u003e#6844\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a path traversal vulnerability in tarball extraction on Windows. The path normalization was only checking for \u003ccode\u003e./\u003c/code\u003e but not \u003ccode\u003e.\\\u003c/code\u003e. Since backslashes are directory separators on Windows, malicious packages could use paths like \u003ccode\u003efoo\\..\\..\\.npmrc\u003c/code\u003e to write files outside the package directory.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWhen running \u0026quot;pnpm exec\u0026quot; from a subdirectory of a project, don't change the current working directory to the root of the project \u003ca href=\"https://redirect.github.com/pnpm/pnpm/issues/5759\"\u003e#5759\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a path traversal vulnerability in pnpm's bin linking. Bin names starting with \u003ccode\u003e@\u003c/code\u003e bypassed validation, and after scope normalization, path traversal sequences like \u003ccode\u003e../../\u003c/code\u003e remained intact.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRevert Try to avoid making network calls with preferOffline \u003ca href=\"https://redirect.github.com/pnpm/pnpm/pull/10334\"\u003e#10334\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003e--save-peer\u003c/code\u003e to write valid semver ranges to \u003ccode\u003epeerDependencies\u003c/code\u003e for protocol-based installs (e.g. \u003ccode\u003ejsr:\u003c/code\u003e) by deriving from resolved versions when available and falling back to \u003ccode\u003e*\u003c/code\u003e if none is available \u003ca href=\"https://redirect.github.com/pnpm/pnpm/issues/10417\"\u003e#10417\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDo not exclude the root workspace project, when it is explicitly selected via a filter \u003ca href=\"https://redirect.github.com/pnpm/pnpm/pull/10465\"\u003e#10465\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.28.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/89a2c4ec38735945ccc7a208221e696fae655e3f\"\u003e\u003ccode\u003e89a2c4e\u003c/code\u003e\u003c/a\u003e chore(release): 10.28.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/a484cea3f2564a80ce8c3171d433f3d8c3e714ef\"\u003e\u003ccode\u003ea484cea\u003c/code\u003e\u003c/a\u003e fix(npm-resolver): request full metadata for optional dependencies (\u003ca href=\"https://github.com/pnpm/pnpm/tree/HEAD/pnpm/issues/10455\"\u003e#10455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/c90837083c28949364627d02a47238f17eea25db\"\u003e\u003ccode\u003ec908370\u003c/code\u003e\u003c/a\u003e test: fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/0b5a56aaec74a51d796adc1828c399ad6319c5be\"\u003e\u003ccode\u003e0b5a56a\u003c/code\u003e\u003c/a\u003e chore(release): 10.28.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/916b26b63ce92e3357698aef311c2deaa8a077c8\"\u003e\u003ccode\u003e916b26b\u003c/code\u003e\u003c/a\u003e fix: prevent implicit root exclusion when user filters are provided (\u003ca href=\"https://github.com/pnpm/pnpm/tree/HEAD/pnpm/issues/10465\"\u003e#10465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/9cbba288fc49a428615db5a5d3ad8a5ef973cc71\"\u003e\u003ccode\u003e9cbba28\u003c/code\u003e\u003c/a\u003e fix(exec): preserve user execution cwd (\u003ca href=\"https://github.com/pnpm/pnpm/tree/HEAD/pnpm/issues/10445\"\u003e#10445\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/91a241e692de524a974460f69c35a309769d3045\"\u003e\u003ccode\u003e91a241e\u003c/code\u003e\u003c/a\u003e chore(release): 10.28.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/a9784fb3df170e16d9627a262cce0255cf3e41ed\"\u003e\u003ccode\u003ea9784fb\u003c/code\u003e\u003c/a\u003e revert: \u0026quot;chore: upgrade qs to 6.14.1 (\u003ca href=\"https://github.com/pnpm/pnpm/tree/HEAD/pnpm/issues/10389\"\u003e#10389\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/787ed46577c0e477f47587d2d968e8350be55f8b\"\u003e\u003ccode\u003e787ed46\u003c/code\u003e\u003c/a\u003e chore: upgrade qs to 6.14.1 (\u003ca href=\"https://github.com/pnpm/pnpm/tree/HEAD/pnpm/issues/10389\"\u003e#10389\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/6bdba72ad31e4d6b79821405e09c6bdcc93894ee\"\u003e\u003ccode\u003e6bdba72\u003c/code\u003e\u003c/a\u003e chore(release): 10.27.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pnpm/pnpm/commits/v10.28.2/pnpm\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for pnpm since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tar` from 4.4.10 to 7.5.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/node-tar/releases\"\u003etar's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.13\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-tar/compare/v6.1.12...v6.1.13\"\u003e6.1.13\u003c/a\u003e (2022-12-07)\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/cc4e0ddfe523a0bce383846a67442c637a65d486\"\u003e\u003ccode\u003ecc4e0dd\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/343\"\u003e#343\u003c/a\u003e bump minipass from 3.3.6 to 4.0.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.12\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-tar/compare/v6.1.11...v6.1.12\"\u003e6.1.12\u003c/a\u003e (2022-10-31)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/57493ee66ece50d62114e02914282fc37be3a91a\"\u003e\u003ccode\u003e57493ee\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/332\"\u003e#332\u003c/a\u003e ensuring close event is emited after stream has ended (\u003ca href=\"https://github.com/webark\"\u003e\u003ccode\u003e@​webark\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/b003c64f624332e24e19b30dc011069bb6708680\"\u003e\u003ccode\u003eb003c64\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/314\"\u003e#314\u003c/a\u003e replace deprecated String.prototype.substr() (\u003ca href=\"https://redirect.github.com/isaacs/node-tar/issues/314\"\u003e#314\u003c/a\u003e) (\u003ca href=\"https://github.com/CommanderRoot\"\u003e\u003ccode\u003e@​CommanderRoot\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukekarrys\"\u003e\u003ccode\u003e@​lukekarrys\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/f12992932f171ea248b27fad95e7d489a56d31ed\"\u003e\u003ccode\u003ef129929\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/313\"\u003e#313\u003c/a\u003e remove dead link to benchmarks (\u003ca href=\"https://redirect.github.com/isaacs/node-tar/issues/313\"\u003e#313\u003c/a\u003e) (\u003ca href=\"https://github.com/yetzt\"\u003e\u003ccode\u003e@​yetzt\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/c1faa9f44001dfb0bc7638b2850eb6058bd56a4a\"\u003e\u003ccode\u003ec1faa9f\u003c/code\u003e\u003c/a\u003e add examples/explanation of using tar.t (\u003ca href=\"https://github.com/isaacs\"\u003e\u003ccode\u003e@​isaacs\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md\"\u003etar's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e7.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003ezstd\u003c/code\u003e compression support.\u003c/li\u003e\n\u003cli\u003eConsistent TOCTOU behavior in sync t.list\u003c/li\u003e\n\u003cli\u003eOnly read from ustar block if not specified in Pax\u003c/li\u003e\n\u003cli\u003eFix sync tar.list when file size reduces while reading\u003c/li\u003e\n\u003cli\u003eSanitize absolute linkpaths properly\u003c/li\u003e\n\u003cli\u003ePrevent writing hardlink entries to the archive ahead of their\nfile target\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eonentry\u003c/code\u003e in favor of \u003ccode\u003eonReadEntry\u003c/code\u003e for clarity.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eonWriteEntry\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDRY the command definitions into a single \u003ccode\u003emakeCommand\u003c/code\u003e method,\nand update the type signatures to more appropriately infer the\nreturn type from the options and arguments provided.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate minipass to v7.1.0\u003c/li\u003e\n\u003cli\u003eUpdate the type definitions of \u003ccode\u003ewrite()\u003c/code\u003e and \u003ccode\u003eend()\u003c/code\u003e methods on\n\u003ccode\u003eUnpack\u003c/code\u003e and \u003ccode\u003eParser\u003c/code\u003e classes to be compatible with the\nNodeJS.WritableStream type in the latest versions of\n\u003ccode\u003e@types/node\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for node \u0026lt;18\u003c/li\u003e\n\u003cli\u003eRewrite in TypeScript, provide ESM and CommonJS hybrid\ninterface\u003c/li\u003e\n\u003cli\u003eAdd tree-shake friendly exports, like \u003ccode\u003eimport('tar/create')\u003c/code\u003e\nand \u003ccode\u003eimport('tar/read-entry')\u003c/code\u003e to get individual functions or\nclasses.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003echmod\u003c/code\u003e option that defaults to false, and deprecate\n\u003ccode\u003enoChmod\u003c/code\u003e. That is, reverse the default option regarding\nexplicitly setting file system modes to match tar entry\nsettings.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eprocessUmask\u003c/code\u003e option to avoid having to call\n\u003ccode\u003eprocess.umask()\u003c/code\u003e when \u003ccode\u003echmod: true\u003c/code\u003e (or \u003ccode\u003enoChmod: false\u003c/code\u003e) is\nset.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/bf776f673164215074b62749e0fe80e5834588f4\"\u003e\u003ccode\u003ebf776f6\u003c/code\u003e\u003c/a\u003e 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad\"\u003e\u003ccode\u003ef48b5fa\u003c/code\u003e\u003c/a\u003e prevent escaping symlinks with drive-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/97cff15d3539a37a4095eb3d287147d9d77c2dc3\"\u003e\u003ccode\u003e97cff15\u003c/code\u003e\u003c/a\u003e docs: more security info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1\"\u003e\u003ccode\u003e2b72abc\u003c/code\u003e\u003c/a\u003e 7.5.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f\"\u003e\u003ccode\u003e7bc755d\u003c/code\u003e\u003c/a\u003e parse root off paths before sanitizing .. parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/c8cb84629dee649feedde03f2f4ea48f2e44e778\"\u003e\u003ccode\u003ec8cb846\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/1f0c2c9006b10199cf2686f8ef43e79a1773e1aa\"\u003e\u003ccode\u003e1f0c2c9\u003c/code\u003e\u003c/a\u003e 7.5.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/fbb08518bf290733b68ca4d4135f75becf73fd75\"\u003e\u003ccode\u003efbb0851\u003c/code\u003e\u003c/a\u003e build minified version as default export\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/6b8eba0ef367ac937e703238daa6df94ae6f823f\"\u003e\u003ccode\u003e6b8eba0\u003c/code\u003e\u003c/a\u003e 7.5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384\"\u003e\u003ccode\u003e2cb1120\u003c/code\u003e\u003c/a\u003e fix(unpack): improve UnpackSync symlink error \u0026quot;into\u0026quot; path accuracy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/node-tar/compare/v4.4.10...v7.5.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~isaacs\"\u003eisaacs\u003c/a\u003e, a new releaser for tar since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `devalue` from 2.0.1 to 5.8.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/devalue/releases\"\u003edevalue's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.8.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e206ca67: fix: force sparse arrays to allocate sparsely\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.8.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ec5115b0: feat: add \u003ccode\u003estringifyAsync\u003c/code\u003e for async serialization\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.7.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e8becc7c: fix: handle regexes consistently in uneval's value and reference formats\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.7.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edf2e284: feat: use native alternatives to encode/decode base64\u003c/li\u003e\n\u003cli\u003e498656e: feat: add \u003ccode\u003eDataView\u003c/code\u003e support\u003c/li\u003e\n\u003cli\u003ea210130: feat: whitelist \u003ccode\u003eFloat16Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edf2e284: feat: simplify TypedArray slices\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e5590634: fix: get \u003ccode\u003euneval\u003c/code\u003e type handling up to parity with \u003ccode\u003estringify\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e57f73fc: fix: correctly support boxed bigints and sentinel values\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.4\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: reject \u003ccode\u003e__proto__\u003c/code\u003e keys in malformed \u003ccode\u003eObject\u003c/code\u003e wrapper payloads\u003c/p\u003e\n\u003cp\u003eThis validates the \u003ccode\u003e\u0026quot;Object\u0026quot;\u003c/code\u003e parse path and throws when the wrapped value has an own \u003ccode\u003e__proto__\u003c/code\u003e key.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e40f1db1: fix: ensure sparse array indices are integers\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: disallow \u003ccode\u003e__proto__\u003c/code\u003e keys in null-prototype object parsing\u003c/p\u003e\n\u003cp\u003eThis disallows \u003ccode\u003e__proto__\u003c/code\u003e keys in the \u003ccode\u003e\u0026quot;null\u0026quot;\u003c/code\u003e parse path so null-prototype object hydration cannot carry that key through parse/unflatten.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0f04d4d: fix: Properly handle \u003ccode\u003e__proto__\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e819f1ac: fix: better encoding for sparse arrays\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md\"\u003edevalue's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.8.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e206ca67: fix: force sparse arrays to allocate sparsely\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.8.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ec5115b0: feat: add \u003ccode\u003estringifyAsync\u003c/code\u003e for async serialization\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.7.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e8becc7c: fix: handle regexes consistently in uneval's value and reference formats\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.7.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edf2e284: feat: use native alternatives to encode/decode base64\u003c/li\u003e\n\u003cli\u003e498656e: feat: add \u003ccode\u003eDataView\u003c/code\u003e support\u003c/li\u003e\n\u003cli\u003ea210130: feat: whitelist \u003ccode\u003eFloat16Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edf2e284: feat: simplify TypedArray slices\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e5590634: fix: get \u003ccode\u003euneval\u003c/code\u003e type handling up to parity with \u003ccode\u003estringify\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e57f73fc: fix: correctly support boxed bigints and sentinel values\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.4\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: reject \u003ccode\u003e__proto__\u003c/code\u003e keys in malformed \u003ccode\u003eObject\u003c/code\u003e wrapper payloads\u003c/p\u003e\n\u003cp\u003eThis validates the \u003ccode\u003e\u0026quot;Object\u0026quot;\u003c/code\u003e parse path and throws when the wrapped value has an own \u003ccode\u003e__proto__\u003c/code\u003e key.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e40f1db1: fix: ensure sparse array indices are integers\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: disallow \u003ccode\u003e__proto__\u003c/code\u003e keys in null-prototype object parsing\u003c/p\u003e\n\u003cp\u003eThis disallows \u003ccode\u003e__proto__\u003c/code\u003e keys in the \u003ccode\u003e\u0026quot;null\u0026quot;\u003c/code\u003e parse path so null-prototype object hydration cannot carry that key through parse/unflatten.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0f04d4d: fix: Properly handle \u003ccode\u003e__proto__\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e819f1ac: fix: better encoding for sparse arrays\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/796ea83a76eb7e0f2af376f9c2c875f1d057f50f\"\u003e\u003ccode\u003e796ea83\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/152\"\u003e#152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/206ca6712fbc380a4571c59de9ab04b91110792d\"\u003e\u003ccode\u003e206ca67\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/14933f78ff6b712829162628682b0a1993e75d19\"\u003e\u003ccode\u003e14933f7\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/151\"\u003e#151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/c5115b0074ec298fb4077f6cee5616cefbd13902\"\u003e\u003ccode\u003ec5115b0\u003c/code\u003e\u003c/a\u003e feat: \u003ccode\u003estringifyAsync\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/150\"\u003e#150\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/67dad450b5db18ea9aa3059d334d8b0ee6704d9e\"\u003e\u003ccode\u003e67dad45\u003c/code\u003e\u003c/a\u003e docs: update README to reflect serialization stability non-goal (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/147\"\u003e#147\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/6eb920a7db6fe388f24f640d0e4e874a57f148fb\"\u003e\u003ccode\u003e6eb920a\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/8becc7c436f0d4f85e2e5b32cb49dcfdf4fdec42\"\u003e\u003ccode\u003e8becc7c\u003c/code\u003e\u003c/a\u003e fix: handle regexes consistently in uneval's value and reference formats (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/2eee2e435ea0ea3d495dc7a266486df95a4eb6ed\"\u003e\u003ccode\u003e2eee2e4\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/144\"\u003e#144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/498656e75d36dfc63a386240722bdeac63337b25\"\u003e\u003ccode\u003e498656e\u003c/code\u003e\u003c/a\u003e DataView support (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/5590634db53ed555d3ce2e2024924b30352a6afc\"\u003e\u003ccode\u003e5590634\u003c/code\u003e\u003c/a\u003e Improve platform types support (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/142\"\u003e#142\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sveltejs/devalue/compare/v2.0.1...v5.8.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for devalue since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.12.1 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/cd24cc07ef6558b7f6510f9177f6393c91b0549f\"\u003e\u003ccode\u003ecd24cc0\u003c/code\u003e\u003c/a\u003e chore: Update TS 5.7 (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17053\"\u003e#17053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bn.js` from 4.11.9 to 5.2.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/indutny/bn.js/releases\"\u003ebn.js's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Buffer not using global in browser (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/260\"\u003e#260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: LE constructor for HEX (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.1.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for defined but not implemented Symbol.for (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/252\"\u003e#252\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.1.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix BN v5/v4 interoperability issue (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/249\"\u003e#249\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTemporary workaround for BN#_move (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/236\"\u003e#236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd eslintrc instead config in package.json (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/237\"\u003e#237\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBenchmark for BigInt (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd documentation for max/min (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate BN#inspect for Symbols (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/225\"\u003e#225\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of toArrayLike (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/222\"\u003e#222\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etemporary disable jumboMulTo in BN#mulTo (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/221\"\u003e#221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eoptimize toBitArray function (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/212\"\u003e#212\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix iaddn sign issue (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/216\"\u003e#216\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etravis: update node versions (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/205\"\u003e#205\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefactor buffer constructor (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/200\"\u003e#200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elib: fix for negative numbers: imuln, modrn, idivn (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/185\"\u003e#185\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebn: fix Red#imod (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/178\"\u003e#178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck unexpected high bits for invalid characters (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/173\"\u003e#173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocument support very large integers (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eonly define toBuffer if Buffer is defined (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/172\"\u003e#172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elib: better validation of string input (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/151\"\u003e#151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etests: reject decimal input in constructor (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/91\"\u003e#91\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebn: make .strip() an internal method (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/105\"\u003e#105\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elib: deprecate \u003ccode\u003e.modn()\u003c/code\u003e introduce \u003ccode\u003e.modrn()\u003c/code\u003e  (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/112\"\u003e#112\u003c/a\u003e \u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/129\"\u003e#129\u003c/a\u003e \u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/130\"\u003e#130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebn: don't accept invalid characters (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/141\"\u003e#141\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epackage: use \u003ccode\u003efiles\u003c/code\u003e insteadof \u003ccode\u003e.npmignore\u003c/code\u003e  (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/152\"\u003e#152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebn: improve allocation speed for buffers (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etoJSON to default to interoperable hex (length % 2) (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/164\"\u003e#164\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/indutny/bn.js/blob/master/CHANGELOG.md\"\u003ebn.js's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.2.3 / 2026-02-19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2 / 2025-04-25\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: imuln/muln with zero (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1 / 2022-02-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0 / 2021-02-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Buffer not using global in browser (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/260\"\u003e#260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix LE constructor for HEX (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.3 / 2020-08-14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for defined but not implemented Symbol.for (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/252\"\u003e#252\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.2 / 2020-05-20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix BN v5/v4 interoperability issue (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/249\"\u003e#249\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.1 / 2019-12-24\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTemporary workaround for BN#_move (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/236\"\u003e#236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd eslintrc instead config in package.json (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/237\"\u003e#237\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0 / 2019-12-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBenchmark for BigInt (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd documentation for max/min (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate BN#inspect for Symbols (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/225\"\u003e#225\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of toArrayLike (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/222\"\u003e#222\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etemporary disable jumboMulTo in BN#mulTo (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/221\"\u003e#221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eoptimize toBitArray function (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/212\"\u003e#212\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix iaddn sign issue (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/216\"\u003e#216\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.0.0 / 2019-07-04\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/ea6c072a951493ca99e5cd5f8da3851b90116271\"\u003e\u003ccode\u003eea6c072\u003c/code\u003e\u003c/a\u003e 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/33df26b5771e824f303a79ec6407409376baa64b\"\u003e\u003ccode\u003e33df26b\u003c/code\u003e\u003c/a\u003e fix imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/6db7c3818569423b94ebcf2bdff90fcfb9c47f6d\"\u003e\u003ccode\u003e6db7c38\u003c/code\u003e\u003c/a\u003e 5.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/c7e1a532566c83fd0297ff7669c227b824928bf4\"\u003e\u003ccode\u003ec7e1a53\u003c/code\u003e\u003c/a\u003e Fix imuln/muln with zero (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/4cc0bfa5195d54876a6b807827e582522c813019\"\u003e\u003ccode\u003e4cc0bfa\u003c/code\u003e\u003c/a\u003e docs: mention the max plain JS number argument value (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/307\"\u003e#307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/5df40f81ea8afb835b909bb7c21e0833cdeb6a30\"\u003e\u003ccode\u003e5df40f8\u003c/code\u003e\u003c/a\u003e Document \u003ccode\u003elength\u003c/code\u003e unit in \u003ccode\u003etoBuffer(...)\u003c/code\u003e input (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/299\"\u003e#299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/7078ea85082f2d14e6b315debec76b472b1d55fa\"\u003e\u003ccode\u003e7078ea8\u003c/code\u003e\u003c/a\u003e 5.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/042ab62e70418c15f189b45460709a51faf303cc\"\u003e\u003ccode\u003e042ab62\u003c/code\u003e\u003c/a\u003e Fix serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/db57519421f0c47c9f68c05fa6fc12273dcca2c2\"\u003e\u003ccode\u003edb57519\u003c/code\u003e\u003c/a\u003e Fix a few typos in readme (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/285\"\u003e#285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/4187ca213e91b41acf72be046072f2dc1f06d0de\"\u003e\u003ccode\u003e4187ca2\u003c/code\u003e\u003c/a\u003e readme: add Scout APM to new Sponsors section\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/indutny/bn.js/compare/v4.11.9...v5.2.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.9.0 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.9.0...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.5.3 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776\"\u003e#1776\u003c/a\u003e) - 2954e7e\u003c/li\u003e\n\u003cli\u003eFix compiling of each block params in strict mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855\"\u003e#1855\u003c/a\u003e) - 30dbf04\u003c/li\u003e\n\u003cli\u003eFix rollup warning when importing Handlebars as ESM - 03d387b\u003c/li\u003e\n\u003cli\u003eFix bundler issue with webpack 5 (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862\"\u003e#1862\u003c/a\u003e) - c6c6bbb\u003c/li\u003e\n\u003cli\u003eUse https instead of git for mustache submodule - 88ac068\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.8\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8 - July 27th, 2023\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776\"\u003e#1776\u003c/a\u003e) - 2954e7e\u003c/li\u003e\n\u003cli\u003eFix compiling of each block params in strict mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855\"\u003e#1855\u003c/a\u003e) - 30dbf04\u003c/li\u003e\n\u003cli\u003eFix rollup warning when importing Handlebars as ESM - 03d387b\u003c/li\u003e\n\u003cli\u003eFix bundler issue with webpack 5 (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862\"\u003e#1862\u003c/a\u003e) - c6c6bbb\u003c/li\u003e\n\u003cli\u003eUse https instead of git for mustache submodule - 88ac068\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.8\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.7 - February 15th, 2021\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix weird error in integration tests - eb860c0\u003c/li\u003e\n\u003cli\u003efix: check prototype property access in strict-mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1736\"\u003e#1736\u003c/a\u003e) - b6d3de7\u003c/li\u003e\n\u003cli\u003efix: escape property names in compat mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1736\"\u003e#1736\u003c/a\u003e) - f058970\u003c/li\u003e\n\u003cli\u003erefactor: In spec tests, use expectTemplate over equals and shouldThrow (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1683\"\u003e#1683\u003c/a\u003e) - 77825f8\u003c/li\u003e\n\u003cli\u003echore: start testing on Node.js 12 and 13 - 3789a30\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e(POSSIBLY) BREAKING CHANGES:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ethe changes from version \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md#v460---january-8th-2020\"\u003e4.6.0\u003c/a\u003e now also apply\nin when using the compile-option \u0026quot;strict: true\u0026quot;. Access to prototype properties is forbidden completely by default, specific properties or methods\ncan be allowed via runtime-options. See \u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1633\"\u003e#1633\u003c/a\u003e for details. If you are using Handlebars as documented, you should not be accessing prototype properties\nfrom your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThat is why we only bump the patch version despite mentioning breaking changes.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/wycats/handlebars.js/compare/v4.7.6...v4.7.7\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.6 - April 3rd, 2020\u003c/h2\u003e\n\u003cp\u003eChore/Housekeeping:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/wycats/handlebars.js/issues/1672\"\u003e#1672\u003c/a\u003e - Switch cmd parser to latest minimist (\u003ca href=\"https://api.github.com/users/dougwilson\"\u003e\u003ccode\u003e@​dougwilson\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCompatibility notes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestored Node.js compatibility\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/detail...\n\n_Description has been truncated_","html_url":"https://github.com/Surfndez/next.js/pull/15","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Surfndez%2Fnext.js/issues/15","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15/packages"}},{"old_version":"3.2.2","new_version":"3.2.3","update_type":"patch","path":null,"pr_created_at":"2026-05-20T16:26:51.000Z","version_change":"3.2.2 → 3.2.3","issue":{"uuid":"4488195628","node_id":"PR_kwDOSjJwAs7dnUlA","number":2,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-20T16:34:10.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-20T16:26:51.000Z","updated_at":"2026-05-20T16:34:20.000Z","time_to_close":439,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":5,"packages":[{"name":"next","old_version":"16.1.0-canary.19","new_version":"16.2.6","repository_url":"https://github.com/vercel/next.js"},{"name":"postcss","old_version":"8.5.6","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"path-to-regexp","old_version":"0.1.7","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"4.0.3","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"}],"path":null,"ecosystem":"npm"},"body":"[//]: # (dependabot-start)\n⚠️  **Dependabot is rebasing this PR** ⚠️ \n\nRebasing might not happen immediately, so don't worry if this takes some time.\n\nNote: if you make any changes to this PR yourself, they will take precedence over the rebase.\n\n---\n\n[//]: # (dependabot-end)\n\nBumps the npm_and_yarn group with 5 updates in the /site directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [next](https://github.com/vercel/next.js) | `16.1.0-canary.19` | `16.2.6` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.10` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.7` | `8.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n\n\nUpdates `next` from 16.1.0-canary.19 to 16.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev16.2.6\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release contains security fixes and backported bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eSecurity Fixes\u003c/h3\u003e\n\u003cp\u003eThe following advisories have been addressed:\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eHigh:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - \u003cstrong\u003eIncomplete Fix Follow-Up\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eModerate:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eLow:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: preserve HTTP access fallbacks during prerender recovery (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92231\"\u003e#92231\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix fallback route params case in app-page handler (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91737\"\u003e#91737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix invalid HTML response for route-level RSC requests in deployment adapter (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91541\"\u003e#91541\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePatch setHeader for direct route handlers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93101\"\u003e#93101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude deployment id in \u003ccode\u003ecacheHandlers\u003c/code\u003e keys (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93453\"\u003e#93453\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix double-encoding of URL pathname parts in client param parsing (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93491\"\u003e#93491\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev16.2.5\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release contains security fixes and backported bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eSecurity Fixes\u003c/h3\u003e\n\u003cp\u003eThe following advisories have been addressed:\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eHigh:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ee6e79b1792a4d401ddf2480f40a83549fe8e722\"\u003e\u003ccode\u003eee6e79b\u003c/code\u003e\u003c/a\u003e v16.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/afa053d9eb9c2a68c7eba43e84fe6bed8babcd45\"\u003e\u003ccode\u003eafa053d\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/97a154e5bbee0cb1ac3fb8aa4db66ac36e796e3d\"\u003e\u003ccode\u003e97a154e\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/83899bc89103d4df1479e065c7c1e09d4698a7b6\"\u003e\u003ccode\u003e83899bc\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/7b222b90954d607fc28a34e9b360a9b1636bc206\"\u003e\u003ccode\u003e7b222b9\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93595\"\u003e#93595\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/a8dc24f1fe23d4a22d24fac734837f7c824138f7\"\u003e\u003ccode\u003ea8dc24f\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93587\"\u003e#93587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/766148f9cd48c0e218acafcd0f15defc14871bf4\"\u003e\u003ccode\u003e766148f\u003c/code\u003e\u003c/a\u003e v16.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/0dd94836a8b43209fcfefa448c141683c22c1a27\"\u003e\u003ccode\u003e0dd9483\u003c/code\u003e\u003c/a\u003e fix: add explicit checks for RSC header (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/83\"\u003e#83\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/98\"\u003e#98\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/d166096c399c4fc4e09cd2d1bf26dca6579a855d\"\u003e\u003ccode\u003ed166096\u003c/code\u003e\u003c/a\u003e fix proxy matching for segment prefetch URLs (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/89\"\u003e#89\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9d50c0b7190f59c470308578e12882788819f14c\"\u003e\u003ccode\u003e9d50c0b\u003c/code\u003e\u003c/a\u003e Strip next-resume header from incoming requests (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v16.1.0-canary.19...v16.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.6 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.6...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jws` from 3.2.2 to 3.2.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/brianloveswords/node-jws/releases\"\u003ejws's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.3\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require\nthat a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)\nwhen using HMAC algorithms.\u003c/li\u003e\n\u003cli\u003eUpgrading JWA version to 1.4.2, addressing a compatibility issue for Node \u0026gt;= 25.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/auth0/node-jws/blob/master/CHANGELOG.md\"\u003ejws's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.3]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require\nthat a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)\nwhen using HMAC algorithms.\u003c/li\u003e\n\u003cli\u003eUpgrading JWA version to 1.4.2, adressing a compatibility issue for Node \u0026gt;= 25.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.0.0]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBREAKING\u003c/strong\u003e: \u003ccode\u003ejwt.verify\u003c/code\u003e now requires an \u003ccode\u003ealgorithm\u003c/code\u003e parameter, and\n\u003ccode\u003ejws.createVerify\u003c/code\u003e requires an \u003ccode\u003ealgorithm\u003c/code\u003e option. The \u003ccode\u003e\u0026quot;alg\u0026quot;\u003c/code\u003e field\nsignature headers is ignored. This mitigates a critical security flaw\nin the library which would allow an attacker to generate signatures with\narbitrary contents that would be accepted by \u003ccode\u003ejwt.verify\u003c/code\u003e. See\n\u003ca href=\"https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/\"\u003ehttps://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/\u003c/a\u003e\nfor details.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/compare/v1.0.1...v2.0.0\"\u003e2.0.0\u003c/a\u003e - 2015-01-30\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBREAKING\u003c/strong\u003e: Default payload encoding changed from \u003ccode\u003ebinary\u003c/code\u003e to\n\u003ccode\u003eutf8\u003c/code\u003e. \u003ccode\u003eutf8\u003c/code\u003e is a is a more sensible default than \u003ccode\u003ebinary\u003c/code\u003e because\nmany payloads, as far as I can tell, will contain user-facing\nstrings that could be in any language. (\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/commit/6b6de48\"\u003e6b6de48\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCode reorganization, thanks \u003ca href=\"https://github.com/fearphage\"\u003e\u003ccode\u003e@​fearphage\u003c/code\u003e\u003c/a\u003e! (\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/commit/7880050\"\u003e7880050\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOption in all relevant methods for \u003ccode\u003eencoding\u003c/code\u003e. For those few users\nthat might be depending on a \u003ccode\u003ebinary\u003c/code\u003e encoding of the messages, this\nis for them. (\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/commit/6b6de48\"\u003e6b6de48\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/4f6e73f24df42f07d632dec6431ade8eda8d11a6\"\u003e\u003ccode\u003e4f6e73f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/bd0fea57f35a97b6749a632b19ae5100d6d35729\"\u003e\u003ccode\u003ebd0fea5\u003c/code\u003e\u003c/a\u003e version 3.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/7c3b4b411004c206af8901fa3f8e644127bbf8d9\"\u003e\u003ccode\u003e7c3b4b4\u003c/code\u003e\u003c/a\u003e Enhance tests for HMAC streaming sign and verify\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/a9b8ed999de8f8fff486ac9167514577a0fae323\"\u003e\u003ccode\u003ea9b8ed9\u003c/code\u003e\u003c/a\u003e Improve secretOrKey initialization in VerifyStream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/6707fde62cbae465a7f11e52760fb994dbc0e0dc\"\u003e\u003ccode\u003e6707fde\u003c/code\u003e\u003c/a\u003e Improve secret handling in SignStream\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/brianloveswords/node-jws/compare/v3.2.2...v3.2.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~julien.wollscheid\"\u003ejulien.wollscheid\u003c/a\u003e, a new releaser for jws since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 0.1.7 to 8.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.4.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eError on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)  9a78879\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePerformance\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)  937c02d\u003c/li\u003e\n\u003cli\u003eImprove compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)  57247e6\n\u003cul\u003e\n\u003cli\u003eShould improve compilation performance by ~25%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)  5844988\n\u003cul\u003e\n\u003cli\u003eShould improve parse performance by ~20%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBundle size\u003c/strong\u003e to 1.93 kB, from 1.97 kB.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)  6bc8e84\n\u003cul\u003e\n\u003cli\u003eUsing a trie required non-greedy matching, which regressed wildcards in non-ending mode by matching them up until the first match. For example:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e/*foo\u003c/code\u003e with \u003ccode\u003e/a/b\u003c/code\u003e = \u003ccode\u003e/a\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e/*foo.html\u003c/code\u003ewith \u003ccode\u003e/a/b.html/c.html\u003c/code\u003e = \u003ccode\u003e/a/b.html\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAllow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)  5bcd30b\n\u003cul\u003e\n\u003cli\u003eWhen backtracking was introduced, it rejected matching things like \u003ccode\u003e/:\u0026quot;a\u0026quot;_:\u0026quot;b\u0026quot;\u003c/code\u003e against \u003ccode\u003e/foo__\u003c/code\u003e. This makes intuitive sense because the second parameter is not going to backtrack on \u003ccode\u003e_\u003c/code\u003e anymore, but it's somewhat unexpected since there's no reason it shouldn't match the second \u003ccode\u003e_\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eImportant\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4926\"\u003eCVE-2026-4926\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-j3q9-mxjg-w52f\"\u003eGHSA-j3q9-mxjg-w52f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4923\"\u003eCVE-2026-4923\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-27v5-c462-wpq7\"\u003eGHSA-27v5-c462-wpq7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestricts wildcard backtracking when using more than 1 in a path (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/421\"\u003epillarjs/path-to-regexp#421\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eChanged\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDedupes regex prefixes (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/422\"\u003epillarjs/path-to-regexp#422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis will result in shorter regular expressions for some cases using optional groups\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRejects large optional route combinations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/424\"\u003epillarjs/path-to-regexp#424\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eWhen using groups such as \u003ccode\u003e/users{/delete}\u003c/code\u003e it will restrict the number of generated combinations to \u0026lt; 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/blob/master/History.md\"\u003epath-to-regexp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eMoved to \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003eGitHub Releases\u003c/a\u003e\u003c/h1\u003e\n\u003ch2\u003e3.0.0 / 2019-01-13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAlways use prefix character as delimiter token, allowing any character to be a delimiter (e.g. \u003ccode\u003e/:att1-:att2-:att3-:att4-:att5\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003epartial\u003c/code\u003e support, prefer escaping the prefix delimiter explicitly (e.g. \u003ccode\u003e\\\\/(apple-)?icon-:res(\\\\d+).png\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.4.0 / 2018-08-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003estart\u003c/code\u003e option to disable anchoring from beginning of the string\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.0 / 2018-08-20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003edelimiter\u003c/code\u003e when processing repeated matching groups (e.g. \u003ccode\u003efoo/bar\u003c/code\u003e has no prefix, but has a delimiter)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.1 / 2018-04-24\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow empty string with \u003ccode\u003eend: false\u003c/code\u003e to match both relative and absolute paths\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.0 / 2018-03-06\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass \u003ccode\u003etoken\u003c/code\u003e as second argument to \u003ccode\u003eencode\u003c/code\u003e option (e.g. \u003ccode\u003eencode(value, token)\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.1.0 / 2017-10-20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle non-ending paths where the final character is a delimiter\n\u003cul\u003e\n\u003cli\u003eE.g. \u003ccode\u003e/foo/\u003c/code\u003e before required either \u003ccode\u003e/foo/\u003c/code\u003e or \u003ccode\u003e/foo//\u003c/code\u003e to match in non-ending mode\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.0.0 / 2017-08-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew option! Ability to set \u003ccode\u003eendsWith\u003c/code\u003e to match paths like \u003ccode\u003e/test?query=string\u003c/code\u003e up to the query string\u003c/li\u003e\n\u003cli\u003eNew option! Set \u003ccode\u003edelimiters\u003c/code\u003e for specific characters to be treated as parameter prefixes (e.g. \u003ccode\u003e/:test\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003eisarray\u003c/code\u003e dependency\u003c/li\u003e\n\u003cli\u003eExplicitly handle trailing delimiters instead of trimming them (e.g. \u003ccode\u003e/test/\u003c/code\u003e is now treated as \u003ccode\u003e/test/\u003c/code\u003e instead of \u003ccode\u003e/test\u003c/code\u003e when matching)\u003c/li\u003e\n\u003cli\u003eRemove overloaded \u003ccode\u003ekeys\u003c/code\u003e argument that accepted \u003ccode\u003eoptions\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003ekeys\u003c/code\u003e list attached to the \u003ccode\u003eRegExp\u003c/code\u003e output\u003c/li\u003e\n\u003cli\u003eRemove asterisk functionality (it's a real pain to properly encode)\u003c/li\u003e\n\u003cli\u003eChange \u003ccode\u003etokensToFunction\u003c/code\u003e (e.g. \u003ccode\u003ecompile\u003c/code\u003e) to accept an \u003ccode\u003eencode\u003c/code\u003e function for pretty encoding (e.g. pass your own implementation)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.7.0 / 2016-11-08\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow a \u003ccode\u003edelimiter\u003c/code\u003e option to be passed in with \u003ccode\u003etokensToRegExp\u003c/code\u003e which will be used for \u0026quot;non-ending\u0026quot; token match situations\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.6.0 / 2016-10-03\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePopulate \u003ccode\u003eRegExp.keys\u003c/code\u003e when using the \u003ccode\u003etokensToRegExp\u003c/code\u003e method (making it consistent with the main export)\u003c/li\u003e\n\u003cli\u003eAllow a \u003ccode\u003edelimiter\u003c/code\u003e option to be passed in with \u003ccode\u003eparse\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdated TypeScript definition with \u003ccode\u003eKeys\u003c/code\u003e and \u003ccode\u003eOptions\u003c/code\u003e updated\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.5.3 / 2016-06-15\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/cbf30259e6d34d6135f9e7dbaa3371e7188f9936\"\u003e\u003ccode\u003ecbf3025\u003c/code\u003e\u003c/a\u003e 8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/937c02df571aef02832610100859efab21995320\"\u003e\u003ccode\u003e937c02d\u003c/code\u003e\u003c/a\u003e Minimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/57247e63fd061aa17b9f75c87712c680b223ee04\"\u003e\u003ccode\u003e57247e6\u003c/code\u003e\u003c/a\u003e Improve compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/58449883539022c9ac36ea3e9abb0fc7b9d84223\"\u003e\u003ccode\u003e5844988\u003c/code\u003e\u003c/a\u003e Remove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9a788793e7eeb0ccf9c53c1cb54d297b5badfcc3\"\u003e\u003ccode\u003e9a78879\u003c/code\u003e\u003c/a\u003e Error on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7f058760ae0867fdd75e5ed07d7096f782c1f752\"\u003e\u003ccode\u003e7f05876\u003c/code\u003e\u003c/a\u003e 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/6bc8e84677caa52de6db7b2b17a6729ec155b070\"\u003e\u003ccode\u003e6bc8e84\u003c/code\u003e\u003c/a\u003e Remove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/5bcd30b790fecfd4798521af28a57214996c4139\"\u003e\u003ccode\u003e5bcd30b\u003c/code\u003e\u003c/a\u003e Allow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9f9c6c501f6d015db3df224d2479475d59cac0a5\"\u003e\u003ccode\u003e9f9c6c5\u003c/code\u003e\u003c/a\u003e Add parsing to benchmarks (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd31e0cde4f35b5f15f1676eabe3484618038ad\"\u003e\u003ccode\u003e9fd31e0\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003etrailing: false\u003c/code\u003e tests (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/428\"\u003e#428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.7...v8.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.3 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/DeterminateSystems/async-stripe/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/DeterminateSystems/async-stripe/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/DeterminateSystems%2Fasync-stripe/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}},{"old_version":"3.2.2","new_version":"3.2.3","update_type":"patch","path":null,"pr_created_at":"2026-05-20T12:48:12.000Z","version_change":"3.2.2 → 3.2.3","issue":{"uuid":"4486547991","node_id":"PR_kwDODpAV6c7dh803","number":1,"state":"closed","title":"Bump the npm_and_yarn group across 1 directory with 10 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-25T05:29:07.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-20T12:48:12.000Z","updated_at":"2026-05-25T05:29:09.000Z","time_to_close":405655,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":10,"packages":[{"name":"next","old_version":"9.2.1","new_version":"15.5.18","repository_url":"https://github.com/vercel/next.js"},{"name":"ajv","old_version":"6.10.2","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"js-yaml","old_version":"3.13.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"minimatch","old_version":"3.0.4","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"protobufjs","old_version":"6.8.8","new_version":"6.11.6","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"yaml","old_version":"1.7.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 8 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [next](https://github.com/vercel/next.js) | `9.2.1` | `15.5.18` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.10.2` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.13.1` | `3.14.2` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `6.8.8` | `6.11.6` |\n| [yaml](https://github.com/eemeli/yaml) | `1.7.2` | `1.10.3` |\n\n\nUpdates `next` from 9.2.1 to 15.5.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.18\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.16\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev15.5.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9ff92cebcaa6ba4e7463b6fd037a8510ba9b81ec\"\u003e\u003ccode\u003e9ff92ce\u003c/code\u003e\u003c/a\u003e v15.5.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/00ebe23562bd7eb32dd78730984bfadb47138bcf\"\u003e\u003ccode\u003e00ebe23\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/62c97ab0b5825e2cbc15f6b682d8286a8dd6a038\"\u003e\u003ccode\u003e62c97ab\u003c/code\u003e\u003c/a\u003e v15.5.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/423623ae38c106273085b66946ee5bf9aab77f2c\"\u003e\u003ccode\u003e423623a\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fa787399b38d9aa702118f9bd23a8315b9f0ecc6\"\u003e\u003ccode\u003efa78739\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36e62c6eb7813e42d409eb487f93b829f4ad77e8\"\u003e\u003ccode\u003e36e62c6\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93588\"\u003e#93588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36589b5db512b7704cdadd873cbe49b6dbcc9261\"\u003e\u003ccode\u003e36589b5\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93596\"\u003e#93596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ad6fd4e50e5aba20b60d283c42b89273a3167ccd\"\u003e\u003ccode\u003ead6fd4e\u003c/code\u003e\u003c/a\u003e v15.5.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/79d7dff1448483f0c8f187f98887b31019f6e494\"\u003e\u003ccode\u003e79d7dff\u003c/code\u003e\u003c/a\u003e Ignore malformed CSP nonce headers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/c4f69086cc8dcbd81b1dbc321c98ea874d90d6f8\"\u003e\u003ccode\u003ec4f6908\u003c/code\u003e\u003c/a\u003e router-server: guard upgrade proxy against absolute-url SSRF (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/77\"\u003e#77\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v9.2.1...v15.5.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.10.2 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.12.6\u003c/h2\u003e\n\u003cp\u003eFix performance issue of \u0026quot;url\u0026quot; format.\u003c/p\u003e\n\u003ch2\u003ev6.12.5\u003c/h2\u003e\n\u003cp\u003eFix uri scheme validation (\u003ca href=\"https://github.com/ChALkeR\"\u003e\u003ccode\u003e@​ChALkeR\u003c/code\u003e\u003c/a\u003e).\nFix boolean schemas with strictKeywords option (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1270\"\u003e#1270\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003ev6.12.4\u003c/h2\u003e\n\u003cp\u003eFix: coercion of one-item arrays to scalar that should fail validation (\u003ca href=\"https://runkit.com/esp/5f3672ba2f6642001ae27411\"\u003efailing example\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003ev6.12.3\u003c/h2\u003e\n\u003cp\u003ePass schema object to processCode function\nOption for strictNumbers (\u003ca href=\"https://github.com/issacgerges\"\u003e\u003ccode\u003e@​issacgerges\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1128\"\u003e#1128\u003c/a\u003e)\nFixed vulnerability related to untrusted schemas (\u003ca href=\"https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2020-15366\"\u003eCVE-2020-15366\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003ev6.12.2\u003c/h2\u003e\n\u003cp\u003eRemoved post-install script\u003c/p\u003e\n\u003ch2\u003ev6.12.1\u003c/h2\u003e\n\u003cp\u003eDocs and dependency updates\u003c/p\u003e\n\u003ch2\u003ev6.12.0\u003c/h2\u003e\n\u003cp\u003eImproved hostname validation (\u003ca href=\"https://github.com/sambauers\"\u003e\u003ccode\u003e@​sambauers\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1143\"\u003e#1143\u003c/a\u003e)\nOption \u003ccode\u003ekeywords\u003c/code\u003e to add custom keywords (\u003ca href=\"https://github.com/franciscomorais\"\u003e\u003ccode\u003e@​franciscomorais\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1137\"\u003e#1137\u003c/a\u003e)\nTypes fixes (\u003ca href=\"https://github.com/boenrobot\"\u003e\u003ccode\u003e@​boenrobot\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/MattiAstedrone\"\u003e\u003ccode\u003e@​MattiAstedrone\u003c/code\u003e\u003c/a\u003e)\nDocs:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/epoberezkin/ajv#error-logging\"\u003eerror logging\u003c/a\u003e example (\u003ca href=\"https://github.com/RadiationSickness\"\u003e\u003ccode\u003e@​RadiationSickness\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTypeScript usage notes (\u003ca href=\"https://github.com/thetric\"\u003e\u003ccode\u003e@​thetric\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.11.0\u003c/h2\u003e\n\u003cp\u003eTime formats support two digit and colon-less variants of timezone offset (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1061\"\u003e#1061\u003c/a\u003e , \u003ca href=\"https://github.com/cjpillsbury\"\u003e\u003ccode\u003e@​cjpillsbury\u003c/code\u003e\u003c/a\u003e)\nDocs: RegExp related security considerations\nTests: Disabled failing typescript test\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec\"\u003e\u003ccode\u003e184bc32\u003c/code\u003e\u003c/a\u003e 6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379\"\u003e\u003ccode\u003efea46af\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2606\"\u003e#2606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf\"\u003e\u003ccode\u003e72f2286\u003c/code\u003e\u003c/a\u003e docs: update v7 info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a\"\u003e\u003ccode\u003e231e52b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1320\"\u003e#1320\u003c/a\u003e from philsturgeon/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd\"\u003e\u003ccode\u003ed3475fc\u003c/code\u003e\u003c/a\u003e Add spectral, an AJV util from a sponsor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544\"\u003e\u003ccode\u003e413afe0\u003c/code\u003e\u003c/a\u003e docs: v7.0.0-beta.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d\"\u003e\u003ccode\u003e11e997b\u003c/code\u003e\u003c/a\u003e update readme for v7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fe591439f34e24030f69df9eb8d91e6d037a3af7\"\u003e\u003ccode\u003efe59143\u003c/code\u003e\u003c/a\u003e 6.12.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.10.2...v6.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ccb8ac6d4292b7661b677fe048ba6690c877f51f\"\u003e\u003ccode\u003eccb8ac6\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c3c73c8b088defc70851843be88ccc3af08e7217\"\u003e\u003ccode\u003ec3c73c8\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 3.13.1 to 3.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/37caaad57dc37d350d9a4577a5da53f482bb2983\"\u003e\u003ccode\u003e37caaad\u003c/code\u003e\u003c/a\u003e 3.14.1 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/094c0f7a79e6ff9e2b4d50b22686d2586894b58f\"\u003e\u003ccode\u003e094c0f7\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9586ebe23298427d26b3479979bd6499bf3a14c2\"\u003e\u003ccode\u003e9586ebe\u003c/code\u003e\u003c/a\u003e Avoid calling hasOwnProperty of user-controlled objects\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/34e5072f43fd36b08aaaad433da73c10d47c41e5\"\u003e\u003ccode\u003e34e5072\u003c/code\u003e\u003c/a\u003e 3.14.0 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/7b25c83a6dc77097c2bf14bf714e168f60ee199b\"\u003e\u003ccode\u003e7b25c83\u003c/code\u003e\u003c/a\u003e Browser files rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/6f7347396867b8dcfc042722c2aae810dfe4caae\"\u003e\u003ccode\u003e6f73473\u003c/code\u003e\u003c/a\u003e Dev deps bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/0c293491d903cddcd41b41c165bc45eeb9a8d720\"\u003e\u003ccode\u003e0c29349\u003c/code\u003e\u003c/a\u003e Travis-CI: drop old nodejs versions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.13.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jws` from 3.2.2 to 3.2.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/brianloveswords/node-jws/releases\"\u003ejws's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.3\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require\nthat a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)\nwhen using HMAC algorithms.\u003c/li\u003e\n\u003cli\u003eUpgrading JWA version to 1.4.2, addressing a compatibility issue for Node \u0026gt;= 25.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/auth0/node-jws/blob/master/CHANGELOG.md\"\u003ejws's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.3]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require\nthat a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)\nwhen using HMAC algorithms.\u003c/li\u003e\n\u003cli\u003eUpgrading JWA version to 1.4.2, adressing a compatibility issue for Node \u0026gt;= 25.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.0.0]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBREAKING\u003c/strong\u003e: \u003ccode\u003ejwt.verify\u003c/code\u003e now requires an \u003ccode\u003ealgorithm\u003c/code\u003e parameter, and\n\u003ccode\u003ejws.createVerify\u003c/code\u003e requires an \u003ccode\u003ealgorithm\u003c/code\u003e option. The \u003ccode\u003e\u0026quot;alg\u0026quot;\u003c/code\u003e field\nsignature headers is ignored. This mitigates a critical security flaw\nin the library which would allow an attacker to generate signatures with\narbitrary contents that would be accepted by \u003ccode\u003ejwt.verify\u003c/code\u003e. See\n\u003ca href=\"https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/\"\u003ehttps://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/\u003c/a\u003e\nfor details.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/compare/v1.0.1...v2.0.0\"\u003e2.0.0\u003c/a\u003e - 2015-01-30\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBREAKING\u003c/strong\u003e: Default payload encoding changed from \u003ccode\u003ebinary\u003c/code\u003e to\n\u003ccode\u003eutf8\u003c/code\u003e. \u003ccode\u003eutf8\u003c/code\u003e is a is a more sensible default than \u003ccode\u003ebinary\u003c/code\u003e because\nmany payloads, as far as I can tell, will contain user-facing\nstrings that could be in any language. (\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/commit/6b6de48\"\u003e6b6de48\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCode reorganization, thanks \u003ca href=\"https://github.com/fearphage\"\u003e\u003ccode\u003e@​fearphage\u003c/code\u003e\u003c/a\u003e! (\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/commit/7880050\"\u003e7880050\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOption in all relevant methods for \u003ccode\u003eencoding\u003c/code\u003e. For those few users\nthat might be depending on a \u003ccode\u003ebinary\u003c/code\u003e encoding of the messages, this\nis for them. (\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/commit/6b6de48\"\u003e6b6de48\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/4f6e73f24df42f07d632dec6431ade8eda8d11a6\"\u003e\u003ccode\u003e4f6e73f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/bd0fea57f35a97b6749a632b19ae5100d6d35729\"\u003e\u003ccode\u003ebd0fea5\u003c/code\u003e\u003c/a\u003e version 3.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/7c3b4b411004c206af8901fa3f8e644127bbf8d9\"\u003e\u003ccode\u003e7c3b4b4\u003c/code\u003e\u003c/a\u003e Enhance tests for HMAC streaming sign and verify\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/a9b8ed999de8f8fff486ac9167514577a0fae323\"\u003e\u003ccode\u003ea9b8ed9\u003c/code\u003e\u003c/a\u003e Improve secretOrKey initialization in VerifyStream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/6707fde62cbae465a7f11e52760fb994dbc0e0dc\"\u003e\u003ccode\u003e6707fde\u003c/code\u003e\u003c/a\u003e Improve secret handling in SignStream\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/brianloveswords/node-jws/compare/v3.2.2...v3.2.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~julien.wollscheid\"\u003ejulien.wollscheid\u003c/a\u003e, a new releaser for jws since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.0.4 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.1.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.3.1\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes bug when a pattern containing an expression after the closing parenthesis (\u003ccode\u003e/!(*.d).{ts,tsx}\u003c/code\u003e) was incorrectly converted to regexp (\u003ca href=\"https://github.com/micromatch/picomatch/commit/9f241ef\"\u003e9f241ef\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSome documentation improvements (\u003ca href=\"https://github.com/micromatch/picomatch/commit/f81d236\"\u003ef81d236\u003c/a\u003e, \u003ca href=\"https://github.com/micromatch/picomatch/commit/421e0e7\"\u003e421e0e7\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not skip pattern seperator for square brackets (\u003ca href=\"https://github.com/micromatch/picomatch/commit/fb08a30\"\u003efb08a30\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eSet negatedExtGlob also if it does not span the whole pattern (\u003ca href=\"https://github.com/micromatch/picomatch/commit/032e3f5\"\u003e032e3f5\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.2\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5467a5a9638472610de4f30709991b9a56bb5613\"\u003e\u003ccode\u003e5467a5a\u003c/code\u003e\u003c/a\u003e 2.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9f241efedc15a21bcec1edafd43ee773ceb4bc35\"\u003e\u003ccode\u003e9f241ef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/102\"\u003e#102\u003c/a\u003e from micromatch/ISSUE-93_incorrect_extglob_expanding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/ac3cb660ca76764627aa825676df59378dd60bcd\"\u003e\u003ccode\u003eac3cb66\u003c/code\u003e\u003c/a\u003e fix: support stars in negation extglobs with expression after closing parenth...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/719d348d8a01cf23c6c10568191c1ad5a3fc33e3\"\u003e\u003ccode\u003e719d348\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/85\"\u003e#85\u003c/a\u003e from XhmikosR/codeql\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/ac74e57b38a0d16de8e1752a62003e49c1622cec\"\u003e\u003ccode\u003eac74e57\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/91\"\u003e#91\u003c/a\u003e from XhmikosR/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.1.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~danez\"\u003edanez\u003c/a\u003e, a new releaser for picomatch since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 7.0.21 to 8.4.31\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.4.31\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003e\\r\u003c/code\u003e parsing to fix CVE-2023-44270.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.30\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map performance (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.29\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eNode#source.offset\u003c/code\u003e (by \u003ca href=\"https://github.com/idoros\"\u003e\u003ccode\u003e@​idoros\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/coliff\"\u003e\u003ccode\u003e@​coliff\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.28\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eRoot.source.end\u003c/code\u003e for better source map (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eResult.root\u003c/code\u003e types when \u003ccode\u003eprocess()\u003c/code\u003e has no parser.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.27\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainer\u003c/code\u003e clone methods types.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed clone methods types.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.25\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove stringify performance (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/vikaskaliramna07\"\u003e\u003ccode\u003e@​vikaskaliramna07\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.24\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003ePlugin\u003c/code\u003e types.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed warnings in TypeDoc.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.22\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed TypeScript support with \u003ccode\u003enode16\u003c/code\u003e (by \u003ca href=\"https://github.com/remcohaszing\"\u003e\u003ccode\u003e@​remcohaszing\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.21\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eInput#error\u003c/code\u003e types (by \u003ca href=\"https://github.com/hudochenkov\"\u003e\u003ccode\u003e@​hudochenkov\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed source map generation for childless at-rules like \u003ccode\u003e@layer\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed whitespace preserving after AST transformations (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.18\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an error on \u003ccode\u003eabsolute: true\u003c/code\u003e with empty \u003ccode\u003esourceContent\u003c/code\u003e (by \u003ca href=\"https://github.com/KingSora\"\u003e\u003ccode\u003e@​KingSora\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.17\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eNode.before()\u003c/code\u003e unexpected behavior (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdded TOC to docs (by \u003ca href=\"https://github.com/muddv\"\u003e\u003ccode\u003e@​muddv\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.16\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.4.31\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003e\\r\u003c/code\u003e parsing to fix CVE-2023-44270.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.30\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map performance (by Romain Menke).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.29\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eNode#source.offset\u003c/code\u003e (by Ido Rosenthal).\u003c/li\u003e\n\u003cli\u003eFixed docs (by Christian Oliff).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.28\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eRoot.source.end\u003c/code\u003e for better source map (by Romain Menke).\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eResult.root\u003c/code\u003e types when \u003ccode\u003eprocess()\u003c/code\u003e has no parser.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.27\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainer\u003c/code\u003e clone methods types.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed clone methods types.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.25\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove stringify performance (by Romain Menke).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/vikaskaliramna07\"\u003e\u003ccode\u003e@​vikaskaliramna07\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.24\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003ePlugin\u003c/code\u003e types.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed warnings in TypeDoc.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.22\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed TypeScript support with \u003ccode\u003enode16\u003c/code\u003e (by Remco Haszing).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.21\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eInput#error\u003c/code\u003e types (by Aleks Hudochenkov).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed source map generation for childless at-rules like \u003ccode\u003e@layer\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/90208de8805dd762596c0028b8637ffbed23e371\"\u003e\u003ccode\u003e90208de\u003c/code\u003e\u003c/a\u003e Release 8.4.31 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5\"\u003e\u003ccode\u003e58cc860\u003c/code\u003e\u003c/a\u003e Fix carrier return parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/4fff8e4cdc237619df1d73a444c0a8329701c1e2\"\u003e\u003ccode\u003e4fff8e4\u003c/code\u003e\u003c/a\u003e Improve pnpm test output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/cd43ed123274a92ebc13a1e8cccf1d65b8198f84\"\u003e\u003ccode\u003ecd43ed1\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/caa916bdcbf66c51321574e2dde112ab13e8b306\"\u003e\u003ccode\u003ecaa916b\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/8972f76923e921a3c9655822382039b31b1c8e1a\"\u003e\u003ccode\u003e8972f76\u003c/code\u003e\u003c/a\u003e Typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/11a5286f781d2a637f2c545c5e9cd661055acaab\"\u003e\u003ccode\u003e11a5286\u003c/code\u003e\u003c/a\u003e Typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/45c55017776fc61f7815d1ea8e92d5291ca5d6c8\"\u003e\u003ccode\u003e45c5501\u003c/code\u003e\u003c/a\u003e Release 8.4.30 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/bc3c341f589f9c15f1b56838a33d908374e537e0\"\u003e\u003ccode\u003ebc3c341\u003c/code\u003e\u003c/a\u003e Update linter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2be58a2eb788d12474ee1335f8ecdb9fa6225aa\"\u003e\u003ccode\u003eb2be58a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/1881\"\u003e#1881\u003c/a\u003e from romainmenke/improve-sourcemap-performance--phil...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/7.0.21...8.4.31\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 6.8.8 to 6.11.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v8.3.0...protobufjs-v8.4.0\"\u003e8.4.0\u003c/a\u003e (2026-05-18)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport BigInt conversions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2257\"\u003e#2257\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/36873e69285251a7b6db8d14c8858fc31ef521d8\"\u003e36873e6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v8.2.1...protobufjs-v8.3.0\"\u003e8.3.0\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove generated typings (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2244\"\u003e#2244\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/faa424e3837fe43f1f010b0ccdeb583d808a57cf\"\u003efaa424e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v8.2.0...protobufjs-v8.2.1\"\u003e8.2.1\u003c/a\u003e (2026-05-13)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsolidate depth limit checks (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2246\"\u003e#2246\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/9050289ad214ea351d3b030cbc74385e81e02d79\"\u003e9050289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve explicit enum zero if not the default (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2249\"\u003e#2249\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/9621b35eb1f6bbecf098f8f5ba59e8d02eca7524\"\u003e9621b35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSlightly optimize generated code (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2242\"\u003e#2242\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/c41160cda6a5f65b0960b194e7f32dd7e7d5ed49\"\u003ec41160c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v8.0.3...protobufjs-v8.2.0\"\u003e8.2.0\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd finishInto() for zero-copy serialization into existing buffers (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2196\"\u003e#2196\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/657d6f1328fa9bb55c5be2b8055e68f8da4da98b\"\u003e657d6f1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd textformat extension (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2233\"\u003e#2233\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4639e2960789f4cc58af1908934caaf14c1fadbc\"\u003e4639e29\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e Add optional protoc-gen-pbjs plugin (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2231\"\u003e#2231\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/c9b6a2d2a6f81dd78812a6ce177fa7a5f9de885d\"\u003ec9b6a2d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e Align json-module with static-module output (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2227\"\u003e#2227\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a015091a5862bdae9eb213b6554ab7e5b36187cb\"\u003ea015091\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRoundtrip unknown fields (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2209\"\u003e#2209\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/76fa03c252542b607e4c81a4fe4db12aa1f948af\"\u003e76fa03c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAccept URL-safe base64 input (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2207\"\u003e#2207\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/57a3821de0d2ffdac06973be49554dea0332bb7f\"\u003e57a3821\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAlso resolve common definitions by file name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2218\"\u003e#2218\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e533950dbdc1a5e31ca3611e711a9042019c18c3\"\u003ee533950\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eApply oneof last-value wins during decode (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2193\"\u003e#2193\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cf35cdc23237c06e7de603fa8fe36e47b7c037e0\"\u003ecf35cdc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eConsistently handle scalar map keys (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2186\"\u003e#2186\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/29b11834520bc4ab0bb377933e4efefbf95f93b2\"\u003e29b1183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eConsistently reject truncated strings (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2205\"\u003e#2205\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/689e911efa3b7e81ea20f29ae2cd725566891c6a\"\u003e689e911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrect parsedOptions TypeScript types (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2217\"\u003e#2217\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/dbe8d7775a46bebaf644461dce586fa29be242f6\"\u003edbe8d77\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDecode bool values from full varints (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2192\"\u003e#2192\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/7b8d5c111a5e517be219872fb36f4dcfe2b6d371\"\u003e7b8d5c1\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/869caf6a071d4412fc0dcee2f7ae25aa5d7b0474\"\u003e\u003ccode\u003e869caf6\u003c/code\u003e\u003c/a\u003e chore: rebuild and release 6.11.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/086916b4a52c9f73ce88956edbb38fc902e54bbf\"\u003e\u003ccode\u003e086916b\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2221\"\u003e#2221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/70544eed42e9c58fb70deedc5454ce1b1b61dbaf\"\u003e\u003ccode\u003e70544ee\u003c/code\u003e\u003c/a\u003e fix: rebuild and release 6.11.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/69464f77fa30704897bccce1be2b1f3cda034707\"\u003e\u003ccode\u003e69464f7\u003c/code\u003e\u003c/a\u003e build: release 6.11.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/d37819eea1e9d225727aeeb96c03d3ea2ac12982\"\u003e\u003ccode\u003ed37819e\u003c/code\u003e\u003c/a\u003e build: rebuild bundles and regen lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/315ba51a7ea8d13cf5ebb029e57759c4b24ef346\"\u003e\u003ccode\u003e315ba51\u003c/code\u003e\u003c/a\u003e fix: do not let setProperty change the prototype (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/1899\"\u003e#1899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/83679692b34ffe373bdb2ffa685a6d8f5753a642\"\u003e\u003ccode\u003e8367969\u003c/code\u003e\u003c/a\u003e fix(deps): patch minimatch vulnerability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b130dfd4f06b642d4b7c3ccc9f3f9fb6a6e6ed0d\"\u003e\u003ccode\u003eb130dfd\u003c/code\u003e\u003c/a\u003e chore(6.x): release 6.11.3 (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/1737\"\u003e#1737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/c2c17ae66810378fbad616964d80894794f1dad1\"\u003e\u003ccode\u003ec2c17ae\u003c/code\u003e\u003c/a\u003e build: publish to main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b2c6a5c76eccd4bbe445d13e3a04b949f344dd63\"\u003e\u003ccode\u003eb2c6a5c\u003c/code\u003e\u003c/a\u003e build: run tests if ci label added (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/1734\"\u003e#1734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/6.8.8...v6.11.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~fenster\"\u003efenster\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 1.7.2 to 1.10.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eemeli/yaml/releases\"\u003eyaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.10.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eprettier/prettier#10510\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.10.1\u003c/h2\u003e\n\u003cp\u003eThis release backports the following non-breaking fixes made during the work on \u003ccode\u003eyaml@2\u003c/code\u003e on top of \u003ccode\u003eyaml@1.10.0\u003c/code\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for\u003ccode\u003e __proto__\u003c/code\u003e as mapping key \u0026amp; anchor identifier (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/192\"\u003e#192\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix broken TS type for BigInt toggle\u003c/li\u003e\n\u003cli\u003eDump long keys properly (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/195\"\u003e#195\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWhen folding highly indented lines, require at least \u003ccode\u003eminContentWidth\u003c/code\u003e chars on the first line (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/196\"\u003e#196\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eYAML.stringify()\u003c/code\u003e for certain null values (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/197\"\u003e#197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not break escaped chars with escaped newlines (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/237\"\u003e#237\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/awslabs/cdk8s/issues/8\"\u003eawslabs/cdk8s8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet \u003ccode\u003etype: \u0026quot;module\u0026quot;\u003c/code\u003e within browser/dist/ (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/208\"\u003e#208\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse CommonJS for the browser endpoints \u003ccode\u003eyaml/types\u003c/code\u003e \u0026amp; \u003ccode\u003eyaml/util\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/208\"\u003e#208\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAlways stringify non-Node object keys using explicit notation (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/218\"\u003e#218\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSpecify node type of \u003ccode\u003eDocument.Parsed.contents\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/221\"\u003e#221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd missing type for CST \u003ccode\u003eNode.rangeAsLinePos\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/222\"\u003e#222\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrefer literal over folded block scalar when \u003ccode\u003elineWidth=0\u003c/code\u003e is set (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow for empty lines after node props (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/242\"\u003e#242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate dev dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.10.0\u003c/h2\u003e\n\u003cp\u003eThis will probably be the last minor release of \u003ccode\u003eyaml@1\u003c/code\u003e. I'm aiming to release \u003ca href=\"https://github.com/eemeli/yaml/milestone/1\"\u003e\u003ccode\u003eyaml@2\u003c/code\u003e\u003c/a\u003e within a few months; prereleases of that will be published using the \u003ccode\u003enext\u003c/code\u003e dist-tag on npm. Patch releases for 1.10 may still happen, if necessary.\u003c/p\u003e\n\u003ch3\u003eNew Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse Rollup for Node.js \u0026amp; browser builds (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/165\"\u003e#165\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis removes most of the internal \u003ccode\u003edist/\u003c/code\u003e paths from the release. If you want/need to use a class or function that is no longer public, please file an issue and we can add it to the exports.\u003c/li\u003e\n\u003cli\u003eDrop dependency on \u003ccode\u003e@babel/runtime\u003c/code\u003e. After this, the package has 0 runtime dependencies. 🎉\u003c/li\u003e\n\u003cli\u003eAdd exports \u003ccode\u003e{ Alias, Collection, Merge, Node }\u003c/code\u003e to 'yaml/types'\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003eSchema.createPair()\u003c/code\u003e \u0026amp; make its \u003ccode\u003ectx\u003c/code\u003e arg optional (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAlways indent top-level scalars with lines starting with document markers or % directives (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/162\"\u003e#162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse double-space when forcing top-level block scalar indent, for clarity (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/162\"\u003e#162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003egetNodes(): string[]\u003c/code\u003e method to Anchors (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefactor Jest config, adding tests for compiled \u003ccode\u003edist/\u003c/code\u003e endpoints\u003c/li\u003e\n\u003cli\u003eRename \u0026amp; refactor source files. This should have no effect on the results, but lots of stuff moved around\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImproved Errors \u0026amp; Warnings\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow more helpful error when setting Pair.commentBefore incorrectly (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBetter errors for bad indents (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop incorrect error for flow mapping keys with length \u0026gt; 1024 chars\u003c/li\u003e\n\u003cli\u003eAdd errors for plain scalars that start with reserved indicators\u003c/li\u003e\n\u003cli\u003eAdd more explicit errors for block scalar values with bad indents\u003c/li\u003e\n\u003cli\u003eEnable log prints during \u003ccode\u003enpm start\u003c/code\u003e debugging\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImproved TypeScript declarations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix/simplify export mapping of 'yaml/types' and 'yaml/util'\u003c/li\u003e\n\u003cli\u003eFix types, dropping \u003ccode\u003eAST.{AstNode,ScalarNode,CollectionNode}\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd missing \u003ccode\u003etoString()\u003c/code\u003e methods to AST nodes (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/159\"\u003e#159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd directivesEndMarker to Document type (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/cfe8f0437054ff5fbfe6499894f55b3316a54959\"\u003e\u003ccode\u003ecfe8f04\u003c/code\u003e\u003c/a\u003e 1.10.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/7abcf45dd63f0bc626890ad9a8cdeb397f92be73\"\u003e\u003ccode\u003e7abcf45\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during CST composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a0252f8b056f49875d1b79edb8709cff7d7d0dc6\"\u003e\u003ccode\u003ea0252f8\u003c/code\u003e\u003c/a\u003e chore: Add rules avoiding processing of tests/json-test-suite\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a5e83b05f7124c31b4784b613f0c669959a5ed48\"\u003e\u003ccode\u003ea5e83b0\u003c/code\u003e\u003c/a\u003e style: Apply updates Prettier rules\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/b8ddca0a5d4794a3c60f252d3513e6ff7068fdf0\"\u003e\u003ccode\u003eb8ddca0\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/395f892ec9a26b9038c8db388b675c3281ab8cd3\"\u003e\u003ccode\u003e395f892\u003c/code\u003e\u003c/a\u003e ci: Use a different (working) submodule checkout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6fd272052751775e48196024d4bed639cc1e0350\"\u003e\u003ccode\u003e6fd2720\u003c/code\u003e\u003c/a\u003e test-events: Add {} and [] indicators to flow maps \u0026amp; sequences\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/4cdcde632ece71155f3108ec0120c1a0329a6914\"\u003e\u003ccode\u003e4cdcde6\u003c/code\u003e\u003c/a\u003e 1.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/7c0e08316d82f167ac0a054428627f6e1f20ac6e\"\u003e\u003ccode\u003e7c0e083\u003c/code\u003e\u003c/a\u003e Allow for unindented comment after node props (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/242\"\u003e#242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/8ef015788b219a4b249736f4bb8968dafe68dcc4\"\u003e\u003ccode\u003e8ef0157\u003c/code\u003e\u003c/a\u003e 1.10.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eemeli/yaml/compare/v1.7.2...v1.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Nichtkunst/brian-lovin-next/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Nichtkunst/brian-lovin-next/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nichtkunst%2Fbrian-lovin-next/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"3.2.2","new_version":"3.2.3","update_type":"patch","path":null,"pr_created_at":"2026-05-17T04:05:34.000Z","version_change":"3.2.2 → 3.2.3","issue":{"uuid":"4462230916","node_id":"PR_kwDOMUnB387cURpS","number":2,"state":"closed","title":"Bump the npm_and_yarn group across 1 directory with 15 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":true,"comments_count":2,"pull_request":true,"closed_at":"2026-05-17T04:08:07.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-17T04:05:34.000Z","updated_at":"2026-05-17T04:08:09.000Z","time_to_close":153,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":15,"packages":[{"name":"axios","old_version":"1.7.9","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"mongoose","old_version":"8.9.5","new_version":"8.22.1","repository_url":"https://github.com/Automattic/mongoose"},{"name":"next","old_version":"15.1.11","new_version":"15.5.18","repository_url":"https://github.com/vercel/next.js"},{"name":"next-auth","old_version":"5.0.0-beta.25","new_version":"5.0.0-beta.30","repository_url":"https://github.com/nextauthjs/next-auth"},{"name":"postcss","old_version":"8.4.49","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.2","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"js-yaml","old_version":"4.1.0","new_version":"4.1.1","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"qs","old_version":"6.13.1","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"yaml","old_version":"2.6.1","new_version":"2.9.0","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 13 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.7.9` | `1.16.1` |\n| [mongoose](https://github.com/Automattic/mongoose) | `8.9.5` | `8.22.1` |\n| [next](https://github.com/vercel/next.js) | `15.1.11` | `15.5.18` |\n| [next-auth](https://github.com/nextauthjs/next-auth) | `5.0.0-beta.25` | `5.0.0-beta.30` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.49` | `8.5.10` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `2.1.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `9.0.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.2` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [qs](https://github.com/ljharb/qs) | `6.13.1` | `6.15.2` |\n| [yaml](https://github.com/eemeli/yaml) | `2.6.1` | `2.9.0` |\n\n\nUpdates `axios` from 1.7.9 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1337d6b537afb2d3f501074c8ac4ef4308221197\"\u003e\u003ccode\u003e1337d6b\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10877\"\u003e#10877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/858a790cec06054547d0d3f941916d6fb2a4d18e\"\u003e\u003ccode\u003e858a790\u003c/code\u003e\u003c/a\u003e fix: remove all caches (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/34adfd90efc9c145488399e1cf7fa96de67080fa\"\u003e\u003ccode\u003e34adfd9\u003c/code\u003e\u003c/a\u003e revert: \u0026quot;fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/847d89b43654405d9a231e0b669832c2092b621f\"\u003e\u003ccode\u003e847d89b\u003c/code\u003e\u003c/a\u003e fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/40948863677bb793bfff0293cce7e7b4f8a1b212\"\u003e\u003ccode\u003e4094886\u003c/code\u003e\u003c/a\u003e fix(progress): guard malformed XHR upload events (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/44f0c5bf73c45df6009365141faa394d73596bd7\"\u003e\u003ccode\u003e44f0c5b\u003c/code\u003e\u003c/a\u003e chore: change sponsorship link and add Twicsy advertisement (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/64e1095efedc64c9fecf5176bd9cf2e5e93140d6\"\u003e\u003ccode\u003e64e1095\u003c/code\u003e\u003c/a\u003e chore: update PR and issue template to use h2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10865\"\u003e#10865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/3e6b4e1f311b43aa1dc77d78150a601d9fe4b280\"\u003e\u003ccode\u003e3e6b4e1\u003c/code\u003e\u003c/a\u003e fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/c4453bab70f53575175903aee60810c821f72129\"\u003e\u003ccode\u003ec4453ba\u003c/code\u003e\u003c/a\u003e fix: add the ability to add additional sponsors to the process sponsors scrip...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/caa00a90b524bb67ed033474abcf4d8645ced793\"\u003e\u003ccode\u003ecaa00a9\u003c/code\u003e\u003c/a\u003e fix: https data in cleartext to proxy (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.7.9...v1.16.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mongoose` from 8.9.5 to 8.22.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Automattic/mongoose/releases\"\u003emongoose's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e8.22.1 / 2025-02-04\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix: handle other top-level query operators in sanitizeFilter\u003c/li\u003e\n\u003cli\u003efix(document): when cloning a doc with subdocs, make sure the subdocs parent is the cloned doc \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15904\"\u003e#15904\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15901\"\u003e#15901\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(models): support Mongoose query casting in AnyBulkWriteOperation filter property \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15910\"\u003e#15910\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes: add toBSON() to documents \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15927\"\u003e#15927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.22.0 / 2026-01-27\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efeat(model): allow passing strict option to hydrate() \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15944\"\u003e#15944\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15940\"\u003e#15940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.21.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(clone): fix parent doc for map subdocuments and array subdocuments \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15958\"\u003e#15958\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(document): when cloning a doc with subdocs, make sure the subdocs parent is the cloned doc \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15904\"\u003e#15904\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15901\"\u003e#15901\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: respect currentTime schema option in bulkWrite updates \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15976\"\u003e#15976\u003c/a\u003e \u003ca href=\"https://github.com/sderrow\"\u003esderrow\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(models): support Mongoose query casting in AnyBulkWriteOperation filter property \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15910\"\u003e#15910\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes: add toBSON() to documents \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15927\"\u003e#15927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.21.0 / 2025-12-29\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efeat(document): add support for getAtomics() to allow custom container types to utilize atomics \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15817\"\u003e#15817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(document+model): pass options to pre('deleteOne') and update+options to pre('updateOne') hooks \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15908\"\u003e#15908\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15870\"\u003e#15870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add support for typescript style enums \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15914\"\u003e#15914\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15913\"\u003e#15913\u003c/a\u003e \u003ca href=\"https://github.com/mjfwebb\"\u003emjfwebb\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.20.4 / 2025-12-18\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix(model): ensure $isDeleted is set after calling doc.deleteOne() successfully \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15898\"\u003e#15898\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(document): use bitwise OR to accumulate version mode flags \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15893\"\u003e#15893\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15888\"\u003e#15888\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.20.3 / 2025-12-15\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eperf: use Object.hasOwn instead of Object#hasOwnProperty \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15875\"\u003e#15875\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: improve error when calling Document.prototype.init() with null/undefined \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15812\"\u003e#15812\u003c/a\u003e \u003ca href=\"https://github.com/Vegapunk-debug\"\u003eVegapunk-debug\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(schema): avoid treating paths with default: null as required \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15889\"\u003e#15889\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(schema): allow partial statics to schema.statics() \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15780\"\u003e#15780\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.20.2 / 2025-12-05\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix(model): bump version if necessary after successful bulkSave() \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15809\"\u003e#15809\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15800\"\u003e#15800\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(bulkWrite): pass overwriteImmutable option to castUpdate fixes \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15789\"\u003e#15789\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15782\"\u003e#15782\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15781\"\u003e#15781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(schema): allow calling schema.static() with as TStatics \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15794\"\u003e#15794\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15780\"\u003e#15780\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.20.1 / 2025-11-20\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003etypes: correct Model.schema type and fix unknown check for this param type in schema.methods \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15750\"\u003e#15750\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15693\"\u003e#15693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add detailed loadClass() TypeScript usage guide \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15731\"\u003e#15731\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/12813\"\u003e#12813\u003c/a\u003e \u003ca href=\"https://github.com/Necro-Rohan\"\u003eNecro-Rohan\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: update version support documentation for Mongoose \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15761\"\u003e#15761\u003c/a\u003e \u003ca href=\"https://github.com/ManmathX\"\u003eManmathX\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add copy-to-clipboard feature for code blocks in docs \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15759\"\u003e#15759\u003c/a\u003e \u003ca href=\"https://github.com/vedansha07\"\u003evedansha07\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e8.20.0 / 2025-11-17\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md\"\u003emongoose's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e8.22.1 / 2026-02-04\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix: handle other top-level query operators in sanitizeFilter\u003c/li\u003e\n\u003cli\u003efix(document): when cloning a doc with subdocs, make sure the subdocs parent is the cloned doc \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15904\"\u003e#15904\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15901\"\u003e#15901\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(models): support Mongoose query casting in AnyBulkWriteOperation filter property \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15910\"\u003e#15910\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes: add toBSON() to documents \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15927\"\u003e#15927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e7.8.9 / 2026-02-04\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix: handle other top-level query operators in sanitizeFilter\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.22.0 / 2026-01-27\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efeat(model): allow passing strict option to hydrate() \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15944\"\u003e#15944\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15940\"\u003e#15940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.21.1 / 2026-01-23\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix(clone): fix parent doc for map subdocuments and array subdocuments \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15958\"\u003e#15958\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(document): when cloning a doc with subdocs, make sure the subdocs parent is the cloned doc \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15904\"\u003e#15904\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15901\"\u003e#15901\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: respect currentTime schema option in bulkWrite updates \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15976\"\u003e#15976\u003c/a\u003e \u003ca href=\"https://github.com/sderrow\"\u003esderrow\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(models): support Mongoose query casting in AnyBulkWriteOperation filter property \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15910\"\u003e#15910\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes: add toBSON() to documents \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15927\"\u003e#15927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e9.1.5 / 2026-01-20\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix(map): validate map subdocument when loaded with init \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15960\"\u003e#15960\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15957\"\u003e#15957\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(discriminator): prevent indexes and callQueue duplication with shared nested schemas \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15974\"\u003e#15974\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15966\"\u003e#15966\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(subdocuments): do not pass parent path on init \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15970\"\u003e#15970\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15969\"\u003e#15969\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15682\"\u003e#15682\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(inferrawdoctype): correct handling for subdocs and doc arrays \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15967\"\u003e#15967\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/13772\"\u003e#13772\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: improve grammar and clarity in TypeScript schema comments \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15971\"\u003e#15971\u003c/a\u003e \u003ca href=\"https://github.com/harshsinghpujari\"\u003eharshsinghpujari\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e9.1.4 / 2026-01-15\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix: attach sessions to docs retrieved by cursor \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15953\"\u003e#15953\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15949\"\u003e#15949\u003c/a\u003e \u003ca href=\"https://github.com/mjfwalsh\"\u003emjfwalsh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(model): make hydrate() handle nested schema arrays \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15964\"\u003e#15964\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15956\"\u003e#15956\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(clone): fix parent doc for map subdocuments and array subdocuments \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15958\"\u003e#15958\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15954\"\u003e#15954\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent crash when accessing nested paths on prototype \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15962\"\u003e#15962\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15961\"\u003e#15961\u003c/a\u003e \u003ca href=\"https://github.com/som14062005\"\u003esom14062005\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e9.1.3 / 2026-01-09\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix(model): support timestamps option to insertMany() as both boolean and QueryTimestampsConfig \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15941\"\u003e#15941\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15938\"\u003e#15938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(query): include preview of current and incoming update in error when merging normal update with pipeline \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15939\"\u003e#15939\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15928\"\u003e#15928\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(model): apply basic type casting to paths underneath subdocuments \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15948\"\u003e#15948\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15947\"\u003e#15947\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(utility): make WithLevel1NestedPaths correctly handle PopulatedDoc and other TypeScript unions with Document members \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15942\"\u003e#15942\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15923\"\u003e#15923\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(schema): expose \u0026quot;DocumentArrayElement\u0026quot; \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15590\"\u003e#15590\u003c/a\u003e \u003ca href=\"https://github.com/hasezoey\"\u003ehasezoey\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e9.1.2 / 2026-01-05\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix(subdocs): pass options to pre-save hooks for subdocs \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15921\"\u003e#15921\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15920\"\u003e#15920\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eperf(model): select only _id when checking document existence during save() \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15919\"\u003e#15919\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/472e7c7072e6696ead2cc06123b18a2068c1e04c\"\u003e\u003ccode\u003e472e7c7\u003c/code\u003e\u003c/a\u003e chore: release 8.22.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/17351494cd540ea60f24515f99e88506a95c5b8b\"\u003e\u003ccode\u003e1735149\u003c/code\u003e\u003c/a\u003e Merge branch '7.x' into 8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/52278018019e8a331e1556bfc88c30c673404102\"\u003e\u003ccode\u003e5227801\u003c/code\u003e\u003c/a\u003e chore: release 7.8.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/b804e34e4d4cc670d7247fbd558c47412b4e5e01\"\u003e\u003ccode\u003eb804e34\u003c/code\u003e\u003c/a\u003e fix: handle other top-level query operators in sanitizeFilter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/8d9a81f54a9b9fa8ae5f5091dda5b082437ad69b\"\u003e\u003ccode\u003e8d9a81f\u003c/code\u003e\u003c/a\u003e chore: release 8.22.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/f752854cee2000df5ca46c6bd961df86fc2461e7\"\u003e\u003ccode\u003ef752854\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15985\"\u003e#15985\u003c/a\u003e from Automattic/8.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/e7a57ed33ad1a96c03716edb2ec69546a656fffa\"\u003e\u003ccode\u003ee7a57ed\u003c/code\u003e\u003c/a\u003e avoid hardcoding dbName\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/31adbb4587238a5d17423e7a6358d1eecacbb7a7\"\u003e\u003ccode\u003e31adbb4\u003c/code\u003e\u003c/a\u003e chore: release 8.21.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/62a5af713cea05399208c66f93f1abf099cc70cf\"\u003e\u003ccode\u003e62a5af7\u003c/code\u003e\u003c/a\u003e test: bring test cases from \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15958\"\u003e#15958\u003c/a\u003e into 8.x to ensure fixes are applied in 8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/bc8cb23508bc034b38e94e8ec002770e22de9c58\"\u003e\u003ccode\u003ebc8cb23\u003c/code\u003e\u003c/a\u003e implement review suggestions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Automattic/mongoose/compare/8.9.5...8.22.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for mongoose since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 15.1.11 to 15.5.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.18\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.16\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev15.5.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9ff92cebcaa6ba4e7463b6fd037a8510ba9b81ec\"\u003e\u003ccode\u003e9ff92ce\u003c/code\u003e\u003c/a\u003e v15.5.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/00ebe23562bd7eb32dd78730984bfadb47138bcf\"\u003e\u003ccode\u003e00ebe23\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/62c97ab0b5825e2cbc15f6b682d8286a8dd6a038\"\u003e\u003ccode\u003e62c97ab\u003c/code\u003e\u003c/a\u003e v15.5.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/423623ae38c106273085b66946ee5bf9aab77f2c\"\u003e\u003ccode\u003e423623a\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fa787399b38d9aa702118f9bd23a8315b9f0ecc6\"\u003e\u003ccode\u003efa78739\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36e62c6eb7813e42d409eb487f93b829f4ad77e8\"\u003e\u003ccode\u003e36e62c6\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93588\"\u003e#93588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36589b5db512b7704cdadd873cbe49b6dbcc9261\"\u003e\u003ccode\u003e36589b5\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93596\"\u003e#93596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ad6fd4e50e5aba20b60d283c42b89273a3167ccd\"\u003e\u003ccode\u003ead6fd4e\u003c/code\u003e\u003c/a\u003e v15.5.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/79d7dff1448483f0c8f187f98887b31019f6e494\"\u003e\u003ccode\u003e79d7dff\u003c/code\u003e\u003c/a\u003e Ignore malformed CSP nonce headers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/c4f69086cc8dcbd81b1dbc321c98ea874d90d6f8\"\u003e\u003ccode\u003ec4f6908\u003c/code\u003e\u003c/a\u003e router-server: guard upgrade proxy against absolute-url SSRF (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/77\"\u003e#77\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v15.1.11...v15.5.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next-auth` from 5.0.0-beta.25 to 5.0.0-beta.30\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nextauthjs/next-auth/releases\"\u003enext-auth's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003enext-auth@5.0.0-beta.29\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: always check typeof BroadcastChannel by \u003ca href=\"https://github.com/maiconcarraro\"\u003e\u003ccode\u003e@​maiconcarraro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/12937\"\u003enextauthjs/next-auth#12937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(providers): enable OIDC capabilities for Keycloak by \u003ca href=\"https://github.com/jvllmr\"\u003e\u003ccode\u003e@​jvllmr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/12964\"\u003enextauthjs/next-auth#12964\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo: succesful -\u0026gt; successful by \u003ca href=\"https://github.com/changeworld\"\u003e\u003ccode\u003e@​changeworld\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/12973\"\u003enextauthjs/next-auth#12973\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix undefined providerId by \u003ca href=\"https://github.com/Regloom\"\u003e\u003ccode\u003e@​Regloom\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/12947\"\u003enextauthjs/next-auth#12947\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix typo profie -\u0026gt; profile by \u003ca href=\"https://github.com/changeworld\"\u003e\u003ccode\u003e@​changeworld\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/12987\"\u003enextauthjs/next-auth#12987\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Fix typo initalization -\u0026gt; initialization by \u003ca href=\"https://github.com/changeworld\"\u003e\u003ccode\u003e@​changeworld\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/12989\"\u003enextauthjs/next-auth#12989\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Fix typo depencies -\u0026gt; dependencies by \u003ca href=\"https://github.com/changeworld\"\u003e\u003ccode\u003e@​changeworld\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/12983\"\u003enextauthjs/next-auth#12983\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add missing \u0026quot;key\u0026quot; prop for form element in providerMap iterator by \u003ca href=\"https://github.com/frshaad\"\u003e\u003ccode\u003e@​frshaad\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/13023\"\u003enextauthjs/next-auth#13023\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(docs): fix typo Minmum -\u0026gt; Minimum by \u003ca href=\"https://github.com/changeworld\"\u003e\u003ccode\u003e@​changeworld\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/13007\"\u003enextauthjs/next-auth#13007\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(docs): fix typo Avaliable Scopes -\u0026gt; Available Scopes by \u003ca href=\"https://github.com/changeworld\"\u003e\u003ccode\u003e@​changeworld\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/13009\"\u003enextauthjs/next-auth#13009\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(adapter): transistion to surrealdb@^1.0.0 by \u003ca href=\"https://github.com/dvanmali\"\u003e\u003ccode\u003e@​dvanmali\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/11911\"\u003enextauthjs/next-auth#11911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix(provider): Mailgun region selection by \u003ca href=\"https://github.com/benhovinga\"\u003e\u003ccode\u003e@​benhovinga\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/13027\"\u003enextauthjs/next-auth#13027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(next-auth): add missing middleware wrapper type to auth function by \u003ca href=\"https://github.com/k-taro56\"\u003e\u003ccode\u003e@​k-taro56\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/13026\"\u003enextauthjs/next-auth#13026\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate extending-the-session.mdx by \u003ca href=\"https://github.com/adriancuadrado\"\u003e\u003ccode\u003e@​adriancuadrado\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/13064\"\u003enextauthjs/next-auth#13064\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(adapters): handle P2025 errors without importing Prisma namespace by \u003ca href=\"https://github.com/karl-barbour\"\u003e\u003ccode\u003e@​karl-barbour\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/13061\"\u003enextauthjs/next-auth#13061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(docs): Fix syntax error in RBAC guide by \u003ca href=\"https://github.com/benhovinga\"\u003e\u003ccode\u003e@​benhovinga\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/12733\"\u003enextauthjs/next-auth#12733\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(provider): Microsoft Entra ID by \u003ca href=\"https://github.com/benhovinga\"\u003e\u003ccode\u003e@​benhovinga\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/12616\"\u003enextauthjs/next-auth#12616\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate index.ts by \u003ca href=\"https://github.com/adriancuadrado\"\u003e\u003ccode\u003e@​adriancuadrado\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/13066\"\u003enextauthjs/next-auth#13066\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/maiconcarraro\"\u003e\u003ccode\u003e@​maiconcarraro\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/12937\"\u003enextauthjs/next-auth#12937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jvllmr\"\u003e\u003ccode\u003e@​jvllmr\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/12964\"\u003enextauthjs/next-auth#12964\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Regloom\"\u003e\u003ccode\u003e@​Regloom\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/12947\"\u003enextauthjs/next-auth#12947\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/frshaad\"\u003e\u003ccode\u003e@​frshaad\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/13023\"\u003enextauthjs/next-auth#13023\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvanmali\"\u003e\u003ccode\u003e@​dvanmali\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/11911\"\u003enextauthjs/next-auth#11911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adriancuadrado\"\u003e\u003ccode\u003e@​adriancuadrado\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/13064\"\u003enextauthjs/next-auth#13064\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karl-barbour\"\u003e\u003ccode\u003e@​karl-barbour\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/pull/13061\"\u003enextauthjs/next-auth#13061\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nextauthjs/next-auth/compare/next-auth@5.0.0-beta.28...next-auth@5.0.0-beta.29\"\u003ehttps://github.com/nextauthjs/next-auth/compare/next-auth@5.0.0-beta.28...next-auth@5.0.0-beta.29\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nextauthjs/next-auth/commits/next-auth@5.0.0-beta.30\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~himself_65\"\u003ehimself_65\u003c/a\u003e, a new releaser for next-auth since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.4.49 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003ePostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e during \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/1995\"\u003ehis work\u003c/a\u003e on \u003ca href=\"https://stylelint.io\"\u003eStylelint\u003c/a\u003e added \u003ccode\u003eInput#document\u003c/code\u003e in additional to \u003ccode\u003eInput#css\u003c/code\u003e.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eroot.source.input.document //=\u0026gt; \u0026quot;\u0026lt;p\u0026gt;Hello\u0026lt;/p\u0026gt;\r\n                           //    \u0026lt;style\u0026gt;\r\n                           //    p {\r\n                           //      color: green;\r\n                           //    }\r\n                           //    \u0026lt;/style\u0026gt;\u0026quot;\r\nroot.source.input.css      //=\u0026gt; \u0026quot;p {\r\n                           //      color: green;\r\n                           //    }\u0026quot;\r\n\u003cp\u003e\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eInput#document\u003c/code\u003e for sources like CSS-in-JS or HTML (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.4.49...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 2.x  14f1d91\u003c/li\u003e\n\u003cli\u003efmt  ed7780a\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  36603d5\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v2.0.1...v2.0.2\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v2.0.1...v2.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1ee4a9069c69a51bd502aab289c0c6629c8920ca\"\u003e\u003ccode\u003e1ee4a90\u003c/code\u003e\u003c/a\u003e 2.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/b0302ac153ecfaad66752aac79bf30d2895db8f1\"\u003e\u003ccode\u003eb0302ac\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v2 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/73b5459d2ab973c984d01324769d306f66440c7e\"\u003e\u003ccode\u003e73b5459\u003c/code\u003e\u003c/a\u003e 2.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5\"\u003e\u003ccode\u003e311ac0d\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v to v2 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/a3efcee659ef0fb381e2b50d759c720900580a15\"\u003e\u003ccode\u003ea3efcee\u003c/code\u003e\u003c/a\u003e 2.0.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/14f1d91b0523ffb0c8bbe6a28dc98ddc56ae53bc\"\u003e\u003ccode\u003e14f1d91\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 2.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ed7780ab1cb8a7696f1813b5a945fcc70d8d1990\"\u003e\u003ccode\u003eed7780a\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/36603d5f3599a37af9e85eda30acd7d28599c36e\"\u003e\u003ccode\u003e36603d5\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/b9c0e57027317a8d0a56a7ccee28fc478d847da2\"\u003e\u003ccode\u003eb9c0e57\u003c/code\u003e\u003c/a\u003e 2.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/4d96d7dbca632806263efb0da8d1e9d8a2143cc2\"\u003e\u003ccode\u003e4d96d7d\u003c/code\u003e\u003c/a\u003e switch to fork of matcha that works on node\u0026gt;12\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 9.0.9\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/minimatch/blob/main/changelog.md\"\u003eminimatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003echange log\u003c/h1\u003e\n\u003ch2\u003e10.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ebraceExpandMax\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003emagicalBraces\u003c/code\u003e option for \u003ccode\u003eescape\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when \u003ccode\u003epartial: true\u003c/code\u003e is set.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when pattern ends in a final \u003ccode\u003e**\u003c/code\u003e path part.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRequire node 20 or 22 and higher\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo default export, only named exports.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRecursive descent parser for extglob, allowing correct support\nfor arbitrarily nested extglob expressions\u003c/li\u003e\n\u003cli\u003eBump required Node.js version\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eunescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eMinimatch.hasMagic()\u003c/code\u003e method\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for posix character classes in a unicode-aware way.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ewindowsNoMagicRoot\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eoptimizationLevel\u003c/code\u003e configuration option, and revert the\ndefault back to the 6.2 style minimal optimizations, making the\nadvanced transforms introduced in 7.0 opt-in. Also, process\nprovided file paths in the same way in optimizationLevel:2\nmode, so \u003cem\u003emost\u003c/em\u003e things that matched with optimizationLevel 1 or\n0 \u003cem\u003eshould\u003c/em\u003e match with level 2 as well. However, level 1 is the\ndefault, out of an abundance of caution.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/s...\n\n_Description has been truncated_","html_url":"https://github.com/reddevilprasun/webplus/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/reddevilprasun%2Fwebplus/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}},{"old_version":"3.2.2","new_version":"3.2.3","update_type":"patch","path":null,"pr_created_at":"2026-05-16T11:49:54.000Z","version_change":"3.2.2 → 3.2.3","issue":{"uuid":"4459767226","node_id":"PR_kwDOSPVOwc7cNBBu","number":10,"state":"closed","title":"Bump the npm_and_yarn group across 21 directories with 28 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-16T11:57:02.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-16T11:49:54.000Z","updated_at":"2026-05-16T11:57:04.000Z","time_to_close":428,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":28,"packages":[{"name":"axios","old_version":"0.21.4","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"express","old_version":"4.21.2","new_version":"4.22.0","repository_url":"https://github.com/expressjs/express"},{"name":"esbuild","old_version":"0.18.20","new_version":"0.25.0","repository_url":"https://github.com/evanw/esbuild"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 11 updates in the /samples/TeamsJS/app-sso/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `1.16.1` |\n| [express](https://github.com/expressjs/express) | `4.21.2` | `4.22.0` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.18.20` | `0.25.0` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\nBumps the npm_and_yarn group with 6 updates in the /samples/TeamsJS/connector-github-notification/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [express](https://github.com/expressjs/express) | `4.18.2` | `4.22.0` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.18.5` | `0.25.0` |\n| [cookie](https://github.com/jshttp/cookie) | `0.4.1` | `0.7.2` |\n| [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [mongoose](https://github.com/Automattic/mongoose) | `4.13.21` | `6.13.9` |\n\nBumps the npm_and_yarn group with 9 updates in the /samples/TeamsJS/graph-activity-feed/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `0.31.1` |\n| [express](https://github.com/expressjs/express) | `4.21.2` | `4.22.0` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.18.20` | `0.25.0` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.2` | `2.1.0` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\nBumps the npm_and_yarn group with 11 updates in the /samples/TeamsJS/graph-bulk-meetings/csharp/EventMeeting/ClientApp directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `0.31.1` |\n| [express](https://github.com/expressjs/express) | `4.18.2` | `4.22.2` |\n| [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.20.1` | `7.29.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.2.7` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json5](https://github.com/json5/json5) | `1.0.1` | `2.2.3` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [ejs](https://github.com/mde/ejs) | `2.7.4` | `3.1.10` |\n\nBumps the npm_and_yarn group with 9 updates in the /samples/TeamsJS/graph-bulk-meetings/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `0.31.1` |\n| [express](https://github.com/expressjs/express) | `4.21.2` | `4.22.0` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.18.20` | `0.25.0` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\nBumps the npm_and_yarn group with 6 updates in the /samples/TeamsJS/graph-bulk-meetings/nodejs/client directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `0.31.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `2.1.0` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `4.1.1` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `4.0.4` |\n\nBumps the npm_and_yarn group with 9 updates in the /samples/TeamsJS/graph-pinned-messages/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `0.31.1` |\n| [express](https://github.com/expressjs/express) | `4.21.2` | `4.22.0` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.18.20` | `0.25.0` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\nBumps the npm_and_yarn group with 9 updates in the /samples/TeamsJS/graph-teams-tag/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `0.31.1` |\n| [express](https://github.com/expressjs/express) | `4.21.2` | `4.22.0` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.18.20` | `0.25.0` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\nBumps the npm_and_yarn group with 10 updates in the /samples/TeamsJS/graph-teams-tag/nodejs/client directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `0.31.1` |\n| [express](https://github.com/expressjs/express) | `4.18.1` | `4.22.2` |\n| [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.18.9` | `7.29.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [braces](https://github.com/micromatch/braces) | `2.3.2` | `3.0.3` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.2.6` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json5](https://github.com/json5/json5) | `1.0.1` | `2.2.3` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 12 updates in the /samples/TeamsJS/meeting-tabs/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `0.31.1` |\n| [express](https://github.com/expressjs/express) | `4.18.2` | `4.22.2` |\n| [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.22.6` | `7.29.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |\n| [semver](https://github.com/npm/node-semver) | `6.3.0` | `6.3.1` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.2.7` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `4.1.1` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [ejs](https://github.com/mde/ejs) | `3.1.9` | `3.1.10` |\n\nBumps the npm_and_yarn group with 10 updates in the /samples/TeamsJS/meetings-audio-state/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `0.31.1` |\n| [express](https://github.com/expressjs/express) | `4.18.1` | `4.22.2` |\n| [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.18.9` | `7.29.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [braces](https://github.com/micromatch/braces) | `2.3.2` | `3.0.3` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.2.6` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json5](https://github.com/json5/json5) | `1.0.1` | `2.2.3` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 7 updates in the /samples/TeamsJS/meetings-stage-view/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `0.31.1` |\n| [express](https://github.com/expressjs/express) | `4.21.2` | `4.22.0` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.18.20` | `0.25.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\nBumps the npm_and_yarn group with 5 updates in the /samples/TeamsJS/tab-external-auth/nodejs/api-server directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.1` | `0.31.1` |\n| [express](https://github.com/expressjs/express) | `4.18.2` | `4.22.0` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` |\n| [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) | `8.5.1` | `9.0.3` |\n\nBumps the npm_and_yarn group with 9 updates in the /samples/TeamsJS/tab-people-picker/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `0.31.1` |\n| [express](https://github.com/expressjs/express) | `4.21.2` | `4.22.0` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.18.20` | `0.25.0` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\nBumps the npm_and_yarn group with 8 updates in the /samples/TeamsJS/tab-request-approval/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `0.31.1` |\n| [express](https://github.com/expressjs/express) | `4.21.2` | `4.22.0` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.18.20` | `0.25.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\nBumps the npm_and_yarn group with 2 updates in the /samples/app-complete-sample/nodejs directory: [axios](https://github.com/axios/axios) and [minimatch](https://github.com/isaacs/minimatch).\nBumps the npm_and_yarn group with 1 update in the /samples/bot-release-management/nodejs directory: [axios](https://github.com/axios/axios).\nBumps the npm_and_yarn group with 10 updates in the /samples/graph-appcatalog-lifecycle/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.1` | `1.16.1` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.18.11` | `0.25.0` |\n| [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.14.0` | `7.29.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.1.1` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\nBumps the npm_and_yarn group with 3 updates in the /samples/graph-proactive-installation/nodejs directory: [axios](https://github.com/axios/axios), [express](https://github.com/expressjs/express) and [esbuild](https://github.com/evanw/esbuild).\nBumps the npm_and_yarn group with 14 updates in the /samples/tab-stage-view/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `1.16.1` |\n| [express](https://github.com/expressjs/express) | `4.17.1` | `4.22.0` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.18.14` | `0.25.0` |\n| [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.14.8` | `7.29.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |\n| [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` |\n| [semver](https://github.com/npm/node-semver) | `6.3.0` | `6.3.1` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.2.2` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json5](https://github.com/json5/json5) | `2.2.0` | `2.2.3` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [ejs](https://github.com/mde/ejs) | `3.1.9` | `3.1.10` |\n\nBumps the npm_and_yarn group with 16 updates in the /samples/tab-staggered-permission/nodejs directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `removed` |\n| [express](https://github.com/expressjs/express) | `4.17.2` | `4.22.0` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.18.13` | `0.25.0` |\n| [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.12.13` | `7.29.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |\n| [semver](https://github.com/npm/node-semver) | `7.3.5` | `7.8.0` |\n| [semver](https://github.com/npm/node-semver) | `6.3.0` | `6.3.1` |\n| [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.2.5` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json5](https://github.com/json5/json5) | `1.0.1` | `1.0.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [node-fetch](https://github.com/node-fetch/node-fetch) | `2.6.1` | `2.7.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [ejs](https://github.com/mde/ejs) | `3.1.6` | `3.1.10` |\n| [got](https://github.com/sindresorhus/got) | `9.6.0` | `removed` |\n\n\nUpdates `axios` from 0.21.4 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1337d6b537afb2d3f501074c8ac4ef4308221197\"\u003e\u003ccode\u003e1337d6b\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10877\"\u003e#10877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/858a790cec06054547d0d3f941916d6fb2a4d18e\"\u003e\u003ccode\u003e858a790\u003c/code\u003e\u003c/a\u003e fix: remove all caches (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/34adfd90efc9c145488399e1cf7fa96de67080fa\"\u003e\u003ccode\u003e34adfd9\u003c/code\u003e\u003c/a\u003e revert: \u0026quot;fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/847d89b43654405d9a231e0b669832c2092b621f\"\u003e\u003ccode\u003e847d89b\u003c/code\u003e\u003c/a\u003e fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/40948863677bb793bfff0293cce7e7b4f8a1b212\"\u003e\u003ccode\u003e4094886\u003c/code\u003e\u003c/a\u003e fix(progress): guard malformed XHR upload events (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/44f0c5bf73c45df6009365141faa394d73596bd7\"\u003e\u003ccode\u003e44f0c5b\u003c/code\u003e\u003c/a\u003e chore: change sponsorship link and add Twicsy advertisement (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/64e1095efedc64c9fecf5176bd9cf2e5e93140d6\"\u003e\u003ccode\u003e64e1095\u003c/code\u003e\u003c/a\u003e chore: update PR and issue template to use h2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10865\"\u003e#10865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/3e6b4e1f311b43aa1dc77d78150a601d9fe4b280\"\u003e\u003ccode\u003e3e6b4e1\u003c/code\u003e\u003c/a\u003e fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/c4453bab70f53575175903aee60810c821f72129\"\u003e\u003ccode\u003ec4453ba\u003c/code\u003e\u003c/a\u003e fix: add the ability to add additional sponsors to the process sponsors scrip...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/caa00a90b524bb67ed033474abcf4d8645ced793\"\u003e\u003ccode\u003ecaa00a9\u003c/code\u003e\u003c/a\u003e fix: https data in cleartext to proxy (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v0.21.4...v1.16.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `express` from 4.21.2 to 4.22.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/releases\"\u003eexpress's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.22.0\u003c/h2\u003e\n\u003ch2\u003eImportant: Security\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor: improve readability by \u003ca href=\"https://github.com/sazk07\"\u003e\u003ccode\u003e@​sazk07\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6190\"\u003eexpressjs/express#6190\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add support for Node.js@23.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6080\"\u003eexpressjs/express#6080\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMethod functions with no path should error by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5957\"\u003eexpressjs/express#5957\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: updated github actions ci workflow by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6323\"\u003eexpressjs/express#6323\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: reorder \u003ccode\u003enpm i\u003c/code\u003e steps to fix ci for older node versions by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6336\"\u003eexpressjs/express#6336\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport: ci: add node.js 24 to test matrix by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6506\"\u003eexpressjs/express#6506\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(4.x): wider range for query test skip by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6513\"\u003eexpressjs/express#6513\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse tilde notation for certain dependencies by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6905\"\u003eexpressjs/express#6905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6909\"\u003eexpressjs/express#6909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for \u003ccode\u003eqs\u003c/code\u003e by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6919\"\u003eexpressjs/express#6919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.22.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6921\"\u003eexpressjs/express#6921\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.2...4.22.0\"\u003ehttps://github.com/expressjs/express/compare/4.21.2...4.22.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/blob/4.22.0/History.md\"\u003eexpress's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.22.0 / 2025-12-01\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for dependencies\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/49744abd1120484fe64d7bde1cd3197c32523b6e\"\u003e\u003ccode\u003e49744ab\u003c/code\u003e\u003c/a\u003e 4.22.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6921\"\u003e#6921\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/6e97452f600a3b01719fbc5517d833c7646b0bb7\"\u003e\u003ccode\u003e6e97452\u003c/code\u003e\u003c/a\u003e sec: security patch for CVE-2024-51999\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/6a23d34d652b9e69a4486d2a2a0dea54b9685fa5\"\u003e\u003ccode\u003e6a23d34\u003c/code\u003e\u003c/a\u003e deps: use tilde notation for \u003ccode\u003eqs\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6919\"\u003e#6919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/8c12cdf93b89a4628b59179e3cc0722fc517d6b3\"\u003e\u003ccode\u003e8c12cdf\u003c/code\u003e\u003c/a\u003e deps: qs@6.14.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6909\"\u003e#6909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/7fea74fcf02764580f38f2a7f1932dfa54cddd90\"\u003e\u003ccode\u003e7fea74f\u003c/code\u003e\u003c/a\u003e deps: use tilde notation for certain dependencies (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6905\"\u003e#6905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/dac7a0475a99e9dfc57b3b8e6d5bdf52813f1944\"\u003e\u003ccode\u003edac7a04\u003c/code\u003e\u003c/a\u003e chore: wider range for query test skip (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6513\"\u003e#6513\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/997919b48879bbd53171c3b4e5dd1b04ad139241\"\u003e\u003ccode\u003e997919b\u003c/code\u003e\u003c/a\u003e ci: add node.js 24 to test matrix (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6506\"\u003e#6506\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/36fb59c6c7d9dfca0b08dfeafb5b6e4a249234a1\"\u003e\u003ccode\u003e36fb59c\u003c/code\u003e\u003c/a\u003e fix(ci): reorder \u003ccode\u003enpm i\u003c/code\u003e steps to fix ci for older node versions (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6336\"\u003e#6336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/3a5edfaff06f1a2c7079b08d0635108b371eddfd\"\u003e\u003ccode\u003e3a5edfa\u003c/code\u003e\u003c/a\u003e fix(ci): updated github actions ci workflow (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6323\"\u003e#6323\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/52d978119a7af27667cce5d99ac0739dc269d818\"\u003e\u003ccode\u003e52d9781\u003c/code\u003e\u003c/a\u003e fix(test): add test for method routes without paths \u003ca href=\"https://redirect.github.com/expressjs/express/issues/5955\"\u003e#5955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/express/compare/4.21.2...4.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild` from 0.18.20 to 0.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.25.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eThis release deliberately contains backwards-incompatible changes.\u003c/strong\u003e To avoid automatically picking up releases like this, you should either be pinning the exact version of \u003ccode\u003eesbuild\u003c/code\u003e in your \u003ccode\u003epackage.json\u003c/code\u003e file (recommended) or be using a version range syntax that only accepts patch upgrades such as \u003ccode\u003e^0.24.0\u003c/code\u003e or \u003ccode\u003e~0.24.0\u003c/code\u003e. See npm's documentation about \u003ca href=\"https://docs.npmjs.com/cli/v6/using-npm/semver/\"\u003esemver\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRestrict access to esbuild's development server (\u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-67mh-4wv8-2f99\"\u003eGHSA-67mh-4wv8-2f99\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis change addresses esbuild's first security vulnerability report. Previously esbuild set the \u003ccode\u003eAccess-Control-Allow-Origin\u003c/code\u003e header to \u003ccode\u003e*\u003c/code\u003e to allow esbuild's development server to be flexible in how it's used for development. However, this allows the websites you visit to make HTTP requests to esbuild's local development server, which gives read-only access to your source code if the website were to fetch your source code's specific URL. You can read more information in \u003ca href=\"https://github.com/evanw/esbuild/security/advisories/GHSA-67mh-4wv8-2f99\"\u003ethe report\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eStarting with this release, \u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS\"\u003eCORS\u003c/a\u003e will now be disabled, and requests will now be denied if the host does not match the one provided to \u003ccode\u003e--serve=\u003c/code\u003e. The default host is \u003ccode\u003e0.0.0.0\u003c/code\u003e, which refers to all of the IP addresses that represent the local machine (e.g. both \u003ccode\u003e127.0.0.1\u003c/code\u003e and \u003ccode\u003e192.168.0.1\u003c/code\u003e). If you want to customize anything about esbuild's development server, you can \u003ca href=\"https://esbuild.github.io/api/#serve-proxy\"\u003eput a proxy in front of esbuild\u003c/a\u003e and modify the incoming and/or outgoing requests.\u003c/p\u003e\n\u003cp\u003eIn addition, the \u003ccode\u003eserve()\u003c/code\u003e API call has been changed to return an array of \u003ccode\u003ehosts\u003c/code\u003e instead of a single \u003ccode\u003ehost\u003c/code\u003e string. This makes it possible to determine all of the hosts that esbuild's development server will accept.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/sapphi-red\"\u003e\u003ccode\u003e@​sapphi-red\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDelete output files when a build fails in watch mode (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/3643\"\u003e#3643\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIt has been requested for esbuild to delete files when a build fails in watch mode. Previously esbuild left the old files in place, which could cause people to not immediately realize that the most recent build failed. With this release, esbuild will now delete all output files if a rebuild fails. Fixing the build error and triggering another rebuild will restore all output files again.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix correctness issues with the CSS nesting transform (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/3620\"\u003e#3620\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/3877\"\u003e#3877\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/3933\"\u003e#3933\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/3997\"\u003e#3997\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4005\"\u003e#4005\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4037\"\u003e#4037\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4038\"\u003e#4038\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release fixes the following problems:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eNaive expansion of CSS nesting can result in an exponential blow-up of generated CSS if each nesting level has multiple selectors. Previously esbuild sometimes collapsed individual nesting levels using \u003ccode\u003e:is()\u003c/code\u003e to limit expansion. However, this collapsing wasn't correct in some cases, so it has been removed to fix correctness issues.\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e/* Original code */\r\n.parent {\r\n  \u0026gt; .a,\r\n  \u0026gt; .b1 \u0026gt; .b2 {\r\n    color: red;\r\n  }\r\n}\r\n\u003cp\u003e/* Old output (with --supported:nesting=false) */\u003cbr /\u003e\n.parent \u0026gt; :is(.a, .b1 \u0026gt; .b2) {\u003cbr /\u003e\ncolor: red;\u003cbr /\u003e\n}\u003c/p\u003e\n\u003cp\u003e/* New output (with --supported:nesting=false) */\u003cbr /\u003e\n.parent \u0026gt; .a,\u003cbr /\u003e\n.parent \u0026gt; .b1 \u0026gt; .b2 {\u003cbr /\u003e\ncolor: red;\u003cbr /\u003e\n}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/tim-we\"\u003e\u003ccode\u003e@​tim-we\u003c/code\u003e\u003c/a\u003e for working on a fix.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ccode\u003e\u0026amp;\u003c/code\u003e CSS nesting selector can be repeated multiple times to increase CSS specificity. Previously esbuild ignored this possibility and incorrectly considered \u003ccode\u003e\u0026amp;\u0026amp;\u003c/code\u003e to have the same specificity as \u003ccode\u003e\u0026amp;\u003c/code\u003e. With this release, this should now work correctly:\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e/* Original code (color should be red) */\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG-2023.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog: 2023\u003c/h1\u003e\n\u003cp\u003eThis changelog documents all esbuild versions published in the year 2023 (versions 0.16.13 through 0.19.11).\u003c/p\u003e\n\u003ch2\u003e0.19.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix TypeScript-specific class transform edge case (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/3559\"\u003e#3559\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release introduced an optimization that avoided transforming \u003ccode\u003esuper()\u003c/code\u003e in the class constructor for TypeScript code compiled with \u003ccode\u003euseDefineForClassFields\u003c/code\u003e set to \u003ccode\u003efalse\u003c/code\u003e if all class instance fields have no initializers. The rationale was that in this case, all class instance fields are omitted in the output so no changes to the constructor are needed. However, if all of this is the case \u003cem\u003eand\u003c/em\u003e there are \u003ccode\u003e#private\u003c/code\u003e instance fields with initializers, those private instance field initializers were still being moved into the constructor. This was problematic because they were being inserted before the call to \u003ccode\u003esuper()\u003c/code\u003e (since \u003ccode\u003esuper()\u003c/code\u003e is now no longer transformed in that case). This release introduces an additional optimization that avoids moving the private instance field initializers into the constructor in this edge case, which generates smaller code, matches the TypeScript compiler's output more closely, and avoids this bug:\u003c/p\u003e\n\u003cpre lang=\"ts\"\u003e\u003ccode\u003e// Original code\nclass Foo extends Bar {\n  #private = 1;\n  public: any;\n  constructor() {\n    super();\n  }\n}\n\u003cp\u003e// Old output (with esbuild v0.19.9)\u003cbr /\u003e\nclass Foo extends Bar {\u003cbr /\u003e\nconstructor() {\u003cbr /\u003e\nsuper();\u003cbr /\u003e\nthis.#private = 1;\u003cbr /\u003e\n}\u003cbr /\u003e\n#private;\u003cbr /\u003e\n}\u003c/p\u003e\n\u003cp\u003e// Old output (with esbuild v0.19.10)\u003cbr /\u003e\nclass Foo extends Bar {\u003cbr /\u003e\nconstructor() {\u003cbr /\u003e\nthis.#private = 1;\u003cbr /\u003e\nsuper();\u003cbr /\u003e\n}\u003cbr /\u003e\n#private;\u003cbr /\u003e\n}\u003c/p\u003e\n\u003cp\u003e// New output\u003cbr /\u003e\nclass Foo extends Bar {\u003cbr /\u003e\n#private = 1;\u003cbr /\u003e\nconstructor() {\u003cbr /\u003e\nsuper();\u003cbr /\u003e\n}\u003cbr /\u003e\n}\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMinifier: allow reording a primitive past a side-effect (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/3568\"\u003e#3568\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe minifier previously allowed reordering a side-effect past a primitive, but didn't handle the case of reordering a primitive past a side-effect. This additional case is now handled:\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/e9174d671b1882758cd32ac5e146200f5bee3e45\"\u003e\u003ccode\u003ee9174d6\u003c/code\u003e\u003c/a\u003e publish 0.25.0 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/c27dbebb9e7a55dd9a084dd151dddd840787490e\"\u003e\u003ccode\u003ec27dbeb\u003c/code\u003e\u003c/a\u003e fix \u003ccode\u003ehosts\u003c/code\u003e in \u003ccode\u003eplugin-tests.js\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/6794f602a453cf0255bcae245871de120a89a559\"\u003e\u003ccode\u003e6794f60\u003c/code\u003e\u003c/a\u003e fix \u003ccode\u003ehosts\u003c/code\u003e in \u003ccode\u003enode-unref-tests.js\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/de85afd65edec9ebc44a11e245fd9e9a2e99760d\"\u003e\u003ccode\u003ede85afd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/da1de1bf77a65f06654b49878d9ec4747ddaa21f\"\u003e\u003ccode\u003eda1de1b\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4065\"\u003e#4065\u003c/a\u003e: bitwise operators can return bigints\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f4e9d19fb20095a98bf40634f0380f6a16be91e7\"\u003e\u003ccode\u003ef4e9d19\u003c/code\u003e\u003c/a\u003e switch case liveness: \u003ccode\u003edefault\u003c/code\u003e is always last\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/7aa47c3e778ea04849f97f18dd9959df88fa0886\"\u003e\u003ccode\u003e7aa47c3\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4028\"\u003e#4028\u003c/a\u003e: minify live/dead \u003ccode\u003eswitch\u003c/code\u003e cases better\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/22ecd306190b8971ec4474b5485266c20350e266\"\u003e\u003ccode\u003e22ecd30\u003c/code\u003e\u003c/a\u003e minify: more constant folding for strict equality\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/4cdf03c03697128044fa8fb76e5c478e9765b353\"\u003e\u003ccode\u003e4cdf03c\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4053\"\u003e#4053\u003c/a\u003e: reordering of \u003ccode\u003e.tsx\u003c/code\u003e in \u003ccode\u003enode_modules\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/dc719775b7140120916bd9e6777ca1cb8a1cdc0e\"\u003e\u003ccode\u003edc71977\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/3692\"\u003e#3692\u003c/a\u003e: \u003ccode\u003e0\u003c/code\u003e now picks a random ephemeral port\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.18.20...v0.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jws` from 3.2.2 to 3.2.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/brianloveswords/node-jws/releases\"\u003ejws's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.3\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require\nthat a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)\nwhen using HMAC algorithms.\u003c/li\u003e\n\u003cli\u003eUpgrading JWA version to 1.4.2, addressing a compatibility issue for Node \u0026gt;= 25.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/auth0/node-jws/blob/master/CHANGELOG.md\"\u003ejws's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.2.3]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require\nthat a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)\nwhen using HMAC algorithms.\u003c/li\u003e\n\u003cli\u003eUpgrading JWA version to 1.4.2, adressing a compatibility issue for Node \u0026gt;= 25.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.0.0]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBREAKING\u003c/strong\u003e: \u003ccode\u003ejwt.verify\u003c/code\u003e now requires an \u003ccode\u003ealgorithm\u003c/code\u003e parameter, and\n\u003ccode\u003ejws.createVerify\u003c/code\u003e requires an \u003ccode\u003ealgorithm\u003c/code\u003e option. The \u003ccode\u003e\u0026quot;alg\u0026quot;\u003c/code\u003e field\nsignature headers is ignored. This mitigates a critical security flaw\nin the library which would allow an attacker to generate signatures with\narbitrary contents that would be accepted by \u003ccode\u003ejwt.verify\u003c/code\u003e. See\n\u003ca href=\"https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/\"\u003ehttps://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/\u003c/a\u003e\nfor details.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/compare/v1.0.1...v2.0.0\"\u003e2.0.0\u003c/a\u003e - 2015-01-30\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eBREAKING\u003c/strong\u003e: Default payload encoding changed from \u003ccode\u003ebinary\u003c/code\u003e to\n\u003ccode\u003eutf8\u003c/code\u003e. \u003ccode\u003eutf8\u003c/code\u003e is a is a more sensible default than \u003ccode\u003ebinary\u003c/code\u003e because\nmany payloads, as far as I can tell, will contain user-facing\nstrings that could be in any language. (\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/commit/6b6de48\"\u003e6b6de48\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCode reorganization, thanks \u003ca href=\"https://github.com/fearphage\"\u003e\u003ccode\u003e@​fearphage\u003c/code\u003e\u003c/a\u003e! (\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/commit/7880050\"\u003e7880050\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOption in all relevant methods for \u003ccode\u003eencoding\u003c/code\u003e. For those few users\nthat might be depending on a \u003ccode\u003ebinary\u003c/code\u003e encoding of the messages, this\nis for them. (\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/brianloveswords/node-jws/commit/6b6de48\"\u003e6b6de48\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/4f6e73f24df42f07d632dec6431ade8eda8d11a6\"\u003e\u003ccode\u003e4f6e73f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/bd0fea57f35a97b6749a632b19ae5100d6d35729\"\u003e\u003ccode\u003ebd0fea5\u003c/code\u003e\u003c/a\u003e version 3.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/7c3b4b411004c206af8901fa3f8e644127bbf8d9\"\u003e\u003ccode\u003e7c3b4b4\u003c/code\u003e\u003c/a\u003e Enhance tests for HMAC streaming sign and verify\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/a9b8ed999de8f8fff486ac9167514577a0fae323\"\u003e\u003ccode\u003ea9b8ed9\u003c/code\u003e\u003c/a\u003e Improve secretOrKey initialization in VerifyStream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/auth0/node-jws/commit/6707fde62cbae465a7f11e52760fb994dbc0e0dc\"\u003e\u003ccode\u003e6707fde\u003c/code\u003e\u003c/a\u003e Improve secret handling in SignStream\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/brianloveswords/node-jws/compare/v3.2.2...v3.2.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~julien.wollscheid\"\u003ejulien.wollscheid\u003c/a\u003e, a new releaser for jws since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ccb8ac6d4292b7661b677fe048ba6690c877f51f\"\u003e\u003ccode\u003eccb8ac6\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c3c73c8b088defc70851843be88ccc3af08e7217\"\u003e\u003ccode\u003ec3c73c8\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli...\n\n_Description has been truncated_","html_url":"https://github.com/shaneslo/Microsoft-Teams-Samples/pull/10","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/shaneslo%2FMicrosoft-Teams-Samples/issues/10","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/10/packages"}},{"old_version":"3.2.2","new_version":"3.2.3","update_type":"patch","path":null,"pr_created_at":"2026-05-14T18:11:08.000Z","version_change":"3.2.2 → 3.2.3","issue":{"uuid":"4448199263","node_id":"PR_kwDOE6qmMc7boNQo","number":12,"state":"closed","title":"Bump the npm_and_yarn group across 7 directories with 20 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-15T01:43:31.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-14T18:11:08.000Z","updated_at":"2026-05-15T01:43:33.000Z","time_to_close":27143,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":20,"packages":[{"name":"browserstack-local","old_version":"1.4.0","new_version":"1.5.9","repository_url":"https://github.com/browserstack/browserstack-local-nodejs"},{"name":"express","old_version":"4.17.0","new_version":"4.22.0","repository_url":"https://github.com/expressjs/express"},{"name":"minimatch","old_version":"3.0.4","new_version":"3.1.4","repository_url":"https://github.com/isaacs/minimatch"},{"name":"pnpm","old_version":"5.14.3","new_version":"10.28.2","repository_url":"https://github.com/pnpm/pnpm"},{"name":"tar","old_version":"4.4.10","new_version":"7.5.11","repository_url":"https://github.com/isaacs/node-tar"},{"name":"devalue","old_version":"2.0.1","new_version":"5.6.4","repository_url":"https://github.com/sveltejs/devalue"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.12.1","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"bn.js","old_version":"4.11.9","new_version":"5.2.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"cipher-base","old_version":"1.0.4","new_version":"1.0.7","repository_url":"https://github.com/crypto-browserify/cipher-base"},{"name":"follow-redirects","old_version":"1.9.0","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"handlebars","old_version":"4.5.3","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"js-yaml","old_version":"3.13.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"picomatch","old_version":"2.2.2","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"2.35.1","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"sha.js","old_version":"2.4.11","new_version":"2.4.12","repository_url":"https://github.com/crypto-browserify/sha.js"},{"name":"tar-fs","old_version":"2.0.0","new_version":"2.1.4","repository_url":"https://github.com/mafintosh/tar-fs"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 17 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [browserstack-local](https://github.com/browserstack/browserstack-local-nodejs) | `1.4.0` | `1.5.9` |\n| [express](https://github.com/expressjs/express) | `4.17.0` | `4.22.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.4` |\n| [pnpm](https://github.com/pnpm/pnpm/tree/HEAD/pnpm) | `5.14.3` | `10.28.2` |\n| [tar](https://github.com/isaacs/node-tar) | `4.4.10` | `7.5.11` |\n| [devalue](https://github.com/sveltejs/devalue) | `2.0.1` | `5.6.4` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.12.1` | `7.29.4` |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `5.2.3` |\n| [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.9.0` | `1.16.0` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.5.3` | `4.7.9` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.13.1` | `3.14.2` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.2.2` | `2.3.2` |\n| [rollup](https://github.com/rollup/rollup) | `2.35.1` | `2.80.0` |\n| [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` |\n| [tar-fs](https://github.com/mafintosh/tar-fs) | `2.0.0` | `2.1.4` |\n\nBumps the npm_and_yarn group with 1 update in the /examples/api-routes-rate-limit directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/using-preact directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-mongodb-mongoose directory: [mongoose](https://github.com/Automattic/mongoose).\nBumps the npm_and_yarn group with 1 update in the /examples/with-next-translate directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-paste-typescript directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-storybook-styled-jsx-scss directory: [next](https://github.com/vercel/next.js).\n\nUpdates `browserstack-local` from 1.4.0 to 1.5.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/releases\"\u003ebrowserstack-local's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eChanged local binary paths to support LocalBinary 7.3. Fixed folder argument.\u003c/h2\u003e\n\u003cp\u003eChanged local binary paths to support LocalBinary 7.3.\nFixed folder argument when building browserstack local arguments.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/f11c8ea6af74397e113bee17a170d2a62c8bce08\"\u003e\u003ccode\u003ef11c8ea\u003c/code\u003e\u003c/a\u003e 1.5.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/8c461a517ef8b274e28ae008d15ccc738ce8db83\"\u003e\u003ccode\u003e8c461a5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/browserstack/browserstack-local-nodejs/issues/169\"\u003e#169\u003c/a\u003e from browserstack/LOC-6480\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/ee24820b591123c5ebde347639da4b2f54841e5a\"\u003e\u003ccode\u003eee24820\u003c/code\u003e\u003c/a\u003e use writeFileSync instead of echo to clear the logfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/440aa806810347033b641a09cc24704f115e7448\"\u003e\u003ccode\u003e440aa80\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/browserstack/browserstack-local-nodejs/issues/163\"\u003e#163\u003c/a\u003e from browserstack/release_1.5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/125b8f1d3b946d23c686d38e60e365d2200992b6\"\u003e\u003ccode\u003e125b8f1\u003c/code\u003e\u003c/a\u003e 1.5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/3eeca3f1e505032c7cacc691684432c1348006d0\"\u003e\u003ccode\u003e3eeca3f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/browserstack/browserstack-local-nodejs/issues/162\"\u003e#162\u003c/a\u003e from browserstack/download_source_from_specified_host\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/17a583ae8ccddce15d48150b5bb134614913e0bf\"\u003e\u003ccode\u003e17a583a\u003c/code\u003e\u003c/a\u003e refactor into utility methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/4c0de9ded45228b163573a8a1293576bbfc2afc3\"\u003e\u003ccode\u003e4c0de9d\u003c/code\u003e\u003c/a\u003e Request download source from specified host\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/3b190ed2033a0ddaa1580d1289ef6fbc72f09842\"\u003e\u003ccode\u003e3b190ed\u003c/code\u003e\u003c/a\u003e 1.5.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/commit/56d7b62e8a1e5b2a4eb121b3ebad0eb1e9ce976f\"\u003e\u003ccode\u003e56d7b62\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/browserstack/browserstack-local-nodejs/issues/161\"\u003e#161\u003c/a\u003e from browserstack/Change_Binary_Download_Distribution\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/browserstack/browserstack-local-nodejs/compare/v1.4.0...v1.5.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~browserstack-admin\"\u003ebrowserstack-admin\u003c/a\u003e, a new releaser for browserstack-local since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `express` from 4.17.0 to 4.22.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/releases\"\u003eexpress's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.22.0\u003c/h2\u003e\n\u003ch2\u003eImportant: Security\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor: improve readability by \u003ca href=\"https://github.com/sazk07\"\u003e\u003ccode\u003e@​sazk07\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6190\"\u003eexpressjs/express#6190\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add support for Node.js@23.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6080\"\u003eexpressjs/express#6080\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMethod functions with no path should error by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5957\"\u003eexpressjs/express#5957\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: updated github actions ci workflow by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6323\"\u003eexpressjs/express#6323\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: reorder \u003ccode\u003enpm i\u003c/code\u003e steps to fix ci for older node versions by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6336\"\u003eexpressjs/express#6336\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport: ci: add node.js 24 to test matrix by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6506\"\u003eexpressjs/express#6506\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(4.x): wider range for query test skip by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6513\"\u003eexpressjs/express#6513\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse tilde notation for certain dependencies by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6905\"\u003eexpressjs/express#6905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6909\"\u003eexpressjs/express#6909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for \u003ccode\u003eqs\u003c/code\u003e by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6919\"\u003eexpressjs/express#6919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.22.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6921\"\u003eexpressjs/express#6921\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.2...4.22.0\"\u003ehttps://github.com/expressjs/express/compare/4.21.2...4.22.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd funding field (v4) by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6065\"\u003eexpressjs/express#6065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.11 by \u003ca href=\"https://github.com/blakeembrey\"\u003e\u003ccode\u003e@​blakeembrey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5956\"\u003eexpressjs/express#5956\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: bump path-to-regexp@0.1.12 by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6209\"\u003eexpressjs/express#6209\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.21.2 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6094\"\u003eexpressjs/express#6094\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.1...4.21.2\"\u003ehttps://github.com/expressjs/express/compare/4.21.1...4.21.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport a fix for CVE-2024-47764 to the 4.x branch by \u003ca href=\"https://github.com/joshbuker\"\u003e\u003ccode\u003e@​joshbuker\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6029\"\u003eexpressjs/express#6029\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.21.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6031\"\u003eexpressjs/express#6031\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.0...4.21.1\"\u003ehttps://github.com/expressjs/express/compare/4.21.0...4.21.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003e\u0026quot;back\u0026quot;\u003c/code\u003e magic string in redirects by \u003ca href=\"https://github.com/blakeembrey\"\u003e\u003ccode\u003e@​blakeembrey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5935\"\u003eexpressjs/express#5935\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efinalhandler@1.3.1 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5954\"\u003eexpressjs/express#5954\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): serve-static@1.16.2 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5951\"\u003eexpressjs/express#5951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgraded dependency qs to 6.13.0 to match qs in body-parser by \u003ca href=\"https://github.com/agadzinski93\"\u003e\u003ccode\u003e@​agadzinski93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5946\"\u003eexpressjs/express#5946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agadzinski93\"\u003e\u003ccode\u003e@​agadzinski93\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5946\"\u003eexpressjs/express#5946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/blob/4.22.0/History.md\"\u003eexpress's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.22.0 / 2025-12-01\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for dependencies\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.2 / 2024-11-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.12\n\u003cul\u003e\n\u003cli\u003eFix backtracking protection\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.11\n\u003cul\u003e\n\u003cli\u003eThrows an error on invalid path values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.1 / 2024-10-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBackported a fix for \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2024-47764\"\u003eCVE-2024-47764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.0 / 2024-09-11\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eres.location(\u0026quot;back\u0026quot;)\u003c/code\u003e and \u003ccode\u003eres.redirect(\u0026quot;back\u0026quot;)\u003c/code\u003e magic string\u003c/li\u003e\n\u003cli\u003edeps: serve-static@1.16.2\n\u003cul\u003e\n\u003cli\u003eincludes send@0.19.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: finalhandler@1.3.1\u003c/li\u003e\n\u003cli\u003edeps: qs@6.13.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.20.0 / 2024-09-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: serve-static@0.16.0\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: send@0.19.0\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: body-parser@0.6.0\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003edepth\u003c/code\u003e option to customize the depth level in the parser\u003c/li\u003e\n\u003cli\u003eIMPORTANT: The default \u003ccode\u003edepth\u003c/code\u003e level for parsing URL-encoded data is now \u003ccode\u003e32\u003c/code\u003e (previously was \u003ccode\u003eInfinity\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove link renderization in html while using \u003ccode\u003eres.redirect\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.10\n\u003cul\u003e\n\u003cli\u003eAdds support for named matching groups in the routes using a regex\u003c/li\u003e\n\u003cli\u003eAdds backtracking protection to parameters without regexes defined\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: encodeurl@~2.0.0\n\u003cul\u003e\n\u003cli\u003eRemoves encoding of \u003ccode\u003e\\\u003c/code\u003e, \u003ccode\u003e|\u003c/code\u003e, and \u003ccode\u003e^\u003c/code\u003e to align better with URL spec\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDeprecate passing \u003ccode\u003eoptions.maxAge\u003c/code\u003e and \u003ccode\u003eoptions.expires\u003c/code\u003e to \u003ccode\u003eres.clearCookie\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eWill be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.19.2 / 2024-03-25\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/49744abd1120484fe64d7bde1cd3197c32523b6e\"\u003e\u003ccode\u003e49744ab\u003c/code\u003e\u003c/a\u003e 4.22.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6921\"\u003e#6921\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/6e97452f600a3b01719fbc5517d833c7646b0bb7\"\u003e\u003ccode\u003e6e97452\u003c/code\u003e\u003c/a\u003e sec: security patch for CVE-2024-51999\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/6a23d34d652b9e69a4486d2a2a0dea54b9685fa5\"\u003e\u003ccode\u003e6a23d34\u003c/code\u003e\u003c/a\u003e deps: use tilde notation for \u003ccode\u003eqs\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6919\"\u003e#6919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/8c12cdf93b89a4628b59179e3cc0722fc517d6b3\"\u003e\u003ccode\u003e8c12cdf\u003c/code\u003e\u003c/a\u003e deps: qs@6.14.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6909\"\u003e#6909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/7fea74fcf02764580f38f2a7f1932dfa54cddd90\"\u003e\u003ccode\u003e7fea74f\u003c/code\u003e\u003c/a\u003e deps: use tilde notation for certain dependencies (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6905\"\u003e#6905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/dac7a0475a99e9dfc57b3b8e6d5bdf52813f1944\"\u003e\u003ccode\u003edac7a04\u003c/code\u003e\u003c/a\u003e chore: wider range for query test skip (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6513\"\u003e#6513\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/997919b48879bbd53171c3b4e5dd1b04ad139241\"\u003e\u003ccode\u003e997919b\u003c/code\u003e\u003c/a\u003e ci: add node.js 24 to test matrix (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6506\"\u003e#6506\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/36fb59c6c7d9dfca0b08dfeafb5b6e4a249234a1\"\u003e\u003ccode\u003e36fb59c\u003c/code\u003e\u003c/a\u003e fix(ci): reorder \u003ccode\u003enpm i\u003c/code\u003e steps to fix ci for older node versions (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6336\"\u003e#6336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/3a5edfaff06f1a2c7079b08d0635108b371eddfd\"\u003e\u003ccode\u003e3a5edfa\u003c/code\u003e\u003c/a\u003e fix(ci): updated github actions ci workflow (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6323\"\u003e#6323\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/52d978119a7af27667cce5d99ac0739dc269d818\"\u003e\u003ccode\u003e52d9781\u003c/code\u003e\u003c/a\u003e fix(test): add test for method routes without paths \u003ca href=\"https://redirect.github.com/expressjs/express/issues/5955\"\u003e#5955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/express/compare/4.17.0...4.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for express since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.0.4 to 3.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9c31b2d4e0af72a6c2d2d62c5dbc2247da669802\"\u003e\u003ccode\u003e9c31b2d\u003c/code\u003e\u003c/a\u003e update test expectations for coalesced consecutive stars\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/46fe687857cf02f6cf45469cc593b97e11b10c96\"\u003e\u003ccode\u003e46fe687\u003c/code\u003e\u003c/a\u003e coalesce consecutive non-globstar * characters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/5a9ccbda64befc5d94b965534dbea2853c92aebd\"\u003e\u003ccode\u003e5a9ccbd\u003c/code\u003e\u003c/a\u003e [meta] update publishConfig.tag to legacy-v3\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pnpm` from 5.14.3 to 10.28.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pnpm/pnpm/releases\"\u003epnpm's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epnpm 10.28.2\u003c/h2\u003e\n\u003ch2\u003ePatch Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSecurity fix: prevent path traversal in \u003ccode\u003edirectories.bin\u003c/code\u003e field.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWhen pnpm installs a \u003ccode\u003efile:\u003c/code\u003e or \u003ccode\u003egit:\u003c/code\u003e dependency, it now validates that symlinks point within the package directory. Symlinks to paths outside the package root are skipped to prevent local data from being leaked into \u003ccode\u003enode_modules\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eThis fixes a security issue where a malicious package could create symlinks to sensitive files (e.g., \u003ccode\u003e/etc/passwd\u003c/code\u003e, \u003ccode\u003e~/.ssh/id_rsa\u003c/code\u003e) and have their contents copied when the package is installed.\u003c/p\u003e\n\u003cp\u003eNote: This only affects \u003ccode\u003efile:\u003c/code\u003e and \u003ccode\u003egit:\u003c/code\u003e dependencies. Registry packages (npm) have symlinks stripped during publish and are not affected.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed optional dependencies to request full metadata from the registry to get the \u003ccode\u003elibc\u003c/code\u003e field, which is required for proper platform compatibility checks \u003ca href=\"https://redirect.github.com/pnpm/pnpm/issues/9950\"\u003e#9950\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePlatinum Sponsors\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eGold Sponsors\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pnpm/pnpm/blob/v10.28.2/pnpm/CHANGELOG.md\"\u003epnpm's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.28.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSecurity fix: prevent path traversal in \u003ccode\u003edirectories.bin\u003c/code\u003e field.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWhen pnpm installs a \u003ccode\u003efile:\u003c/code\u003e or \u003ccode\u003egit:\u003c/code\u003e dependency, it now validates that symlinks point within the package directory. Symlinks to paths outside the package root are skipped to prevent local data from being leaked into \u003ccode\u003enode_modules\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eThis fixes a security issue where a malicious package could create symlinks to sensitive files (e.g., \u003ccode\u003e/etc/passwd\u003c/code\u003e, \u003ccode\u003e~/.ssh/id_rsa\u003c/code\u003e) and have their contents copied when the package is installed.\u003c/p\u003e\n\u003cp\u003eNote: This only affects \u003ccode\u003efile:\u003c/code\u003e and \u003ccode\u003egit:\u003c/code\u003e dependencies. Registry packages (npm) have symlinks stripped during publish and are not affected.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed optional dependencies to request full metadata from the registry to get the \u003ccode\u003elibc\u003c/code\u003e field, which is required for proper platform compatibility checks \u003ca href=\"https://redirect.github.com/pnpm/pnpm/issues/9950\"\u003e#9950\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.28.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed installation of config dependencies from private registries.\u003c/p\u003e\n\u003cp\u003eAdded support for object type in \u003ccode\u003econfigDependencies\u003c/code\u003e when the tarball URL returned from package metadata differs from the computed URL \u003ca href=\"https://redirect.github.com/pnpm/pnpm/pull/10431\"\u003e#10431\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix path traversal vulnerability in binary fetcher ZIP extraction\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eValidate ZIP entry paths before extraction to prevent writing files outside target directory\u003c/li\u003e\n\u003cli\u003eValidate BinaryResolution.prefix (basename) to prevent directory escape via crafted prefix\u003c/li\u003e\n\u003cli\u003eBoth attack vectors now throw \u003ccode\u003eERR_PNPM_PATH_TRAVERSAL\u003c/code\u003e error\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport plain \u003ccode\u003ehttp://\u003c/code\u003e and \u003ccode\u003ehttps://\u003c/code\u003e URLs ending with \u003ccode\u003e.git\u003c/code\u003e as git repository dependencies.\u003c/p\u003e\n\u003cp\u003ePreviously, URLs like \u003ccode\u003ehttps://gitea.example.org/user/repo.git#commit\u003c/code\u003e were not recognized as git repositories because they lacked the \u003ccode\u003egit+\u003c/code\u003e prefix (e.g., \u003ccode\u003egit+https://\u003c/code\u003e). This caused issues when installing dependencies from self-hosted git servers like Gitea or Forgejo that don't provide tarball downloads.\u003c/p\u003e\n\u003cp\u003eChanges:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe git resolver now runs before the tarball resolver, ensuring git URLs are handled by the correct resolver\u003c/li\u003e\n\u003cli\u003eThe git resolver now recognizes plain \u003ccode\u003ehttp://\u003c/code\u003e and \u003ccode\u003ehttps://\u003c/code\u003e URLs ending in \u003ccode\u003e.git\u003c/code\u003e as git repositories\u003c/li\u003e\n\u003cli\u003eRemoved the \u003ccode\u003eisRepository\u003c/code\u003e check from the tarball resolver since it's no longer needed with the new resolver order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFixes \u003ca href=\"https://github.com/pnpm/pnpm/tree/HEAD/pnpm/issues/10468\"\u003e#10468\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003epnpm run -r\u003c/code\u003e and \u003ccode\u003epnpm run --filter\u003c/code\u003e now fail with a non-zero exit code when no packages have the specified script. Previously, this only failed when all packages were selected. Use \u003ccode\u003e--if-present\u003c/code\u003e to suppress this error \u003ca href=\"https://redirect.github.com/pnpm/pnpm/issues/6844\"\u003e#6844\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a path traversal vulnerability in tarball extraction on Windows. The path normalization was only checking for \u003ccode\u003e./\u003c/code\u003e but not \u003ccode\u003e.\\\u003c/code\u003e. Since backslashes are directory separators on Windows, malicious packages could use paths like \u003ccode\u003efoo\\..\\..\\.npmrc\u003c/code\u003e to write files outside the package directory.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWhen running \u0026quot;pnpm exec\u0026quot; from a subdirectory of a project, don't change the current working directory to the root of the project \u003ca href=\"https://redirect.github.com/pnpm/pnpm/issues/5759\"\u003e#5759\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a path traversal vulnerability in pnpm's bin linking. Bin names starting with \u003ccode\u003e@\u003c/code\u003e bypassed validation, and after scope normalization, path traversal sequences like \u003ccode\u003e../../\u003c/code\u003e remained intact.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRevert Try to avoid making network calls with preferOffline \u003ca href=\"https://redirect.github.com/pnpm/pnpm/pull/10334\"\u003e#10334\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003e--save-peer\u003c/code\u003e to write valid semver ranges to \u003ccode\u003epeerDependencies\u003c/code\u003e for protocol-based installs (e.g. \u003ccode\u003ejsr:\u003c/code\u003e) by deriving from resolved versions when available and falling back to \u003ccode\u003e*\u003c/code\u003e if none is available \u003ca href=\"https://redirect.github.com/pnpm/pnpm/issues/10417\"\u003e#10417\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDo not exclude the root workspace project, when it is explicitly selected via a filter \u003ca href=\"https://redirect.github.com/pnpm/pnpm/pull/10465\"\u003e#10465\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.28.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/89a2c4ec38735945ccc7a208221e696fae655e3f\"\u003e\u003ccode\u003e89a2c4e\u003c/code\u003e\u003c/a\u003e chore(release): 10.28.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/a484cea3f2564a80ce8c3171d433f3d8c3e714ef\"\u003e\u003ccode\u003ea484cea\u003c/code\u003e\u003c/a\u003e fix(npm-resolver): request full metadata for optional dependencies (\u003ca href=\"https://github.com/pnpm/pnpm/tree/HEAD/pnpm/issues/10455\"\u003e#10455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/c90837083c28949364627d02a47238f17eea25db\"\u003e\u003ccode\u003ec908370\u003c/code\u003e\u003c/a\u003e test: fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/0b5a56aaec74a51d796adc1828c399ad6319c5be\"\u003e\u003ccode\u003e0b5a56a\u003c/code\u003e\u003c/a\u003e chore(release): 10.28.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/916b26b63ce92e3357698aef311c2deaa8a077c8\"\u003e\u003ccode\u003e916b26b\u003c/code\u003e\u003c/a\u003e fix: prevent implicit root exclusion when user filters are provided (\u003ca href=\"https://github.com/pnpm/pnpm/tree/HEAD/pnpm/issues/10465\"\u003e#10465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/9cbba288fc49a428615db5a5d3ad8a5ef973cc71\"\u003e\u003ccode\u003e9cbba28\u003c/code\u003e\u003c/a\u003e fix(exec): preserve user execution cwd (\u003ca href=\"https://github.com/pnpm/pnpm/tree/HEAD/pnpm/issues/10445\"\u003e#10445\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/91a241e692de524a974460f69c35a309769d3045\"\u003e\u003ccode\u003e91a241e\u003c/code\u003e\u003c/a\u003e chore(release): 10.28.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/a9784fb3df170e16d9627a262cce0255cf3e41ed\"\u003e\u003ccode\u003ea9784fb\u003c/code\u003e\u003c/a\u003e revert: \u0026quot;chore: upgrade qs to 6.14.1 (\u003ca href=\"https://github.com/pnpm/pnpm/tree/HEAD/pnpm/issues/10389\"\u003e#10389\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/787ed46577c0e477f47587d2d968e8350be55f8b\"\u003e\u003ccode\u003e787ed46\u003c/code\u003e\u003c/a\u003e chore: upgrade qs to 6.14.1 (\u003ca href=\"https://github.com/pnpm/pnpm/tree/HEAD/pnpm/issues/10389\"\u003e#10389\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/pnpm/commit/6bdba72ad31e4d6b79821405e09c6bdcc93894ee\"\u003e\u003ccode\u003e6bdba72\u003c/code\u003e\u003c/a\u003e chore(release): 10.27.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pnpm/pnpm/commits/v10.28.2/pnpm\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for pnpm since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tar` from 4.4.10 to 7.5.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/node-tar/releases\"\u003etar's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.13\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-tar/compare/v6.1.12...v6.1.13\"\u003e6.1.13\u003c/a\u003e (2022-12-07)\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/cc4e0ddfe523a0bce383846a67442c637a65d486\"\u003e\u003ccode\u003ecc4e0dd\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/343\"\u003e#343\u003c/a\u003e bump minipass from 3.3.6 to 4.0.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.12\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-tar/compare/v6.1.11...v6.1.12\"\u003e6.1.12\u003c/a\u003e (2022-10-31)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/57493ee66ece50d62114e02914282fc37be3a91a\"\u003e\u003ccode\u003e57493ee\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/332\"\u003e#332\u003c/a\u003e ensuring close event is emited after stream has ended (\u003ca href=\"https://github.com/webark\"\u003e\u003ccode\u003e@​webark\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/b003c64f624332e24e19b30dc011069bb6708680\"\u003e\u003ccode\u003eb003c64\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/314\"\u003e#314\u003c/a\u003e replace deprecated String.prototype.substr() (\u003ca href=\"https://redirect.github.com/isaacs/node-tar/issues/314\"\u003e#314\u003c/a\u003e) (\u003ca href=\"https://github.com/CommanderRoot\"\u003e\u003ccode\u003e@​CommanderRoot\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukekarrys\"\u003e\u003ccode\u003e@​lukekarrys\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/f12992932f171ea248b27fad95e7d489a56d31ed\"\u003e\u003ccode\u003ef129929\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/313\"\u003e#313\u003c/a\u003e remove dead link to benchmarks (\u003ca href=\"https://redirect.github.com/isaacs/node-tar/issues/313\"\u003e#313\u003c/a\u003e) (\u003ca href=\"https://github.com/yetzt\"\u003e\u003ccode\u003e@​yetzt\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/c1faa9f44001dfb0bc7638b2850eb6058bd56a4a\"\u003e\u003ccode\u003ec1faa9f\u003c/code\u003e\u003c/a\u003e add examples/explanation of using tar.t (\u003ca href=\"https://github.com/isaacs\"\u003e\u003ccode\u003e@​isaacs\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md\"\u003etar's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e7.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003ezstd\u003c/code\u003e compression support.\u003c/li\u003e\n\u003cli\u003eConsistent TOCTOU behavior in sync t.list\u003c/li\u003e\n\u003cli\u003eOnly read from ustar block if not specified in Pax\u003c/li\u003e\n\u003cli\u003eFix sync tar.list when file size reduces while reading\u003c/li\u003e\n\u003cli\u003eSanitize absolute linkpaths properly\u003c/li\u003e\n\u003cli\u003ePrevent writing hardlink entries to the archive ahead of their\nfile target\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eonentry\u003c/code\u003e in favor of \u003ccode\u003eonReadEntry\u003c/code\u003e for clarity.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eonWriteEntry\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDRY the command definitions into a single \u003ccode\u003emakeCommand\u003c/code\u003e method,\nand update the type signatures to more appropriately infer the\nreturn type from the options and arguments provided.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate minipass to v7.1.0\u003c/li\u003e\n\u003cli\u003eUpdate the type definitions of \u003ccode\u003ewrite()\u003c/code\u003e and \u003ccode\u003eend()\u003c/code\u003e methods on\n\u003ccode\u003eUnpack\u003c/code\u003e and \u003ccode\u003eParser\u003c/code\u003e classes to be compatible with the\nNodeJS.WritableStream type in the latest versions of\n\u003ccode\u003e@types/node\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for node \u0026lt;18\u003c/li\u003e\n\u003cli\u003eRewrite in TypeScript, provide ESM and CommonJS hybrid\ninterface\u003c/li\u003e\n\u003cli\u003eAdd tree-shake friendly exports, like \u003ccode\u003eimport('tar/create')\u003c/code\u003e\nand \u003ccode\u003eimport('tar/read-entry')\u003c/code\u003e to get individual functions or\nclasses.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003echmod\u003c/code\u003e option that defaults to false, and deprecate\n\u003ccode\u003enoChmod\u003c/code\u003e. That is, reverse the default option regarding\nexplicitly setting file system modes to match tar entry\nsettings.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eprocessUmask\u003c/code\u003e option to avoid having to call\n\u003ccode\u003eprocess.umask()\u003c/code\u003e when \u003ccode\u003echmod: true\u003c/code\u003e (or \u003ccode\u003enoChmod: false\u003c/code\u003e) is\nset.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/bf776f673164215074b62749e0fe80e5834588f4\"\u003e\u003ccode\u003ebf776f6\u003c/code\u003e\u003c/a\u003e 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad\"\u003e\u003ccode\u003ef48b5fa\u003c/code\u003e\u003c/a\u003e prevent escaping symlinks with drive-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/97cff15d3539a37a4095eb3d287147d9d77c2dc3\"\u003e\u003ccode\u003e97cff15\u003c/code\u003e\u003c/a\u003e docs: more security info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1\"\u003e\u003ccode\u003e2b72abc\u003c/code\u003e\u003c/a\u003e 7.5.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f\"\u003e\u003ccode\u003e7bc755d\u003c/code\u003e\u003c/a\u003e parse root off paths before sanitizing .. parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/c8cb84629dee649feedde03f2f4ea48f2e44e778\"\u003e\u003ccode\u003ec8cb846\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/1f0c2c9006b10199cf2686f8ef43e79a1773e1aa\"\u003e\u003ccode\u003e1f0c2c9\u003c/code\u003e\u003c/a\u003e 7.5.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/fbb08518bf290733b68ca4d4135f75becf73fd75\"\u003e\u003ccode\u003efbb0851\u003c/code\u003e\u003c/a\u003e build minified version as default export\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/6b8eba0ef367ac937e703238daa6df94ae6f823f\"\u003e\u003ccode\u003e6b8eba0\u003c/code\u003e\u003c/a\u003e 7.5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384\"\u003e\u003ccode\u003e2cb1120\u003c/code\u003e\u003c/a\u003e fix(unpack): improve UnpackSync symlink error \u0026quot;into\u0026quot; path accuracy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/node-tar/compare/v4.4.10...v7.5.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~isaacs\"\u003eisaacs\u003c/a\u003e, a new releaser for tar since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `devalue` from 2.0.1 to 5.6.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/devalue/releases\"\u003edevalue's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.6.4\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: reject \u003ccode\u003e__proto__\u003c/code\u003e keys in malformed \u003ccode\u003eObject\u003c/code\u003e wrapper payloads\u003c/p\u003e\n\u003cp\u003eThis validates the \u003ccode\u003e\u0026quot;Object\u0026quot;\u003c/code\u003e parse path and throws when the wrapped value has an own \u003ccode\u003e__proto__\u003c/code\u003e key.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e40f1db1: fix: ensure sparse array indices are integers\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: disallow \u003ccode\u003e__proto__\u003c/code\u003e keys in null-prototype object parsing\u003c/p\u003e\n\u003cp\u003eThis disallows \u003ccode\u003e__proto__\u003c/code\u003e keys in the \u003ccode\u003e\u0026quot;null\u0026quot;\u003c/code\u003e parse path so null-prototype object hydration cannot carry that key through parse/unflatten.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0f04d4d: fix: Properly handle \u003ccode\u003e__proto__\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e819f1ac: fix: better encoding for sparse arrays\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1175584: fix: validate input for \u003ccode\u003eArrayBuffer\u003c/code\u003e parsing\u003c/li\u003e\n\u003cli\u003ee46afa6: fix: validate input for typed arrays\u003c/li\u003e\n\u003cli\u003e1175584: fix: more helpful errors for inputs causing stack overflows\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2161d44: fix: add hasOwn check before calling reviver\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea3d09d4: feat: expose \u003ccode\u003eDevalueError\u003c/code\u003e for \u003ccode\u003einstanceof\u003c/code\u003e checks in \u003ccode\u003ecatch\u003c/code\u003e clauses\u003c/li\u003e\n\u003cli\u003ea3d09d4: feat: add \u003ccode\u003evalue\u003c/code\u003e and \u003ccode\u003eroot\u003c/code\u003e properties in \u003ccode\u003eDevalueError\u003c/code\u003e instances\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.5.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e828fa1c: Enable support for custom reducer/reviver for \u0026quot;function\u0026quot; values\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.4.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.4.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md\"\u003edevalue's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.6.4\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: reject \u003ccode\u003e__proto__\u003c/code\u003e keys in malformed \u003ccode\u003eObject\u003c/code\u003e wrapper payloads\u003c/p\u003e\n\u003cp\u003eThis validates the \u003ccode\u003e\u0026quot;Object\u0026quot;\u003c/code\u003e parse path and throws when the wrapped value has an own \u003ccode\u003e__proto__\u003c/code\u003e key.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e40f1db1: fix: ensure sparse array indices are integers\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: disallow \u003ccode\u003e__proto__\u003c/code\u003e keys in null-prototype object parsing\u003c/p\u003e\n\u003cp\u003eThis disallows \u003ccode\u003e__proto__\u003c/code\u003e keys in the \u003ccode\u003e\u0026quot;null\u0026quot;\u003c/code\u003e parse path so null-prototype object hydration cannot carry that key through parse/unflatten.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0f04d4d: fix: Properly handle \u003ccode\u003e__proto__\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e819f1ac: fix: better encoding for sparse arrays\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1175584: fix: validate input for \u003ccode\u003eArrayBuffer\u003c/code\u003e parsing\u003c/li\u003e\n\u003cli\u003ee46afa6: fix: validate input for typed arrays\u003c/li\u003e\n\u003cli\u003e1175584: fix: more helpful errors for inputs causing stack overflows\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2161d44: fix: add hasOwn check before calling reviver\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea3d09d4: feat: expose \u003ccode\u003eDevalueError\u003c/code\u003e for \u003ccode\u003einstanceof\u003c/code\u003e checks in \u003ccode\u003ecatch\u003c/code\u003e clauses\u003c/li\u003e\n\u003cli\u003ea3d09d4: feat: add \u003ccode\u003evalue\u003c/code\u003e and \u003ccode\u003eroot\u003c/code\u003e properties in \u003ccode\u003eDevalueError\u003c/code\u003e instances\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.5.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e828fa1c: Enable support for custom reducer/reviver for \u0026quot;function\u0026quot; values\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.4.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/6cbb3f51258e01d7769e2b3d77b6ce9ed060804b\"\u003e\u003ccode\u003e6cbb3f5\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/133\"\u003e#133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/40f1db13afdd65c8e2ebd02f684276c273ef81b0\"\u003e\u003ccode\u003e40f1db1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/87c1f3ce3759765a061cfe34843ecc4b0711ba8d\"\u003e\u003ccode\u003e87c1f3c\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/a4a37d208a4d1bdd0d58c82e5644c87cab855259\"\u003e\u003ccode\u003ea4a37d2\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/132\"\u003e#132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/819f1ac7475ab37547645cfb09bf2f678a799cf0\"\u003e\u003ccode\u003e819f1ac\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/0f04d4d678eac39ad5d7a07d1956275d7874e81c\"\u003e\u003ccode\u003e0f04d4d\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/fcf4e88275f2e2e45b9ea70ffaa5247c8f55f057\"\u003e\u003ccode\u003efcf4e88\u003c/code\u003e\u003c/a\u003e fix tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/1d8a5ea5863bcd9992755ce5a3842265753cb4ab\"\u003e\u003ccode\u003e1d8a5ea\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/131\"\u003e#131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/11755849fa0634ae294a15ec0aef2f43efcad7c4\"\u003e\u003ccode\u003e1175584\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/e46afa64dd2b25aa35fb905ba5d20cea63aabbf7\"\u003e\u003ccode\u003ee46afa6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sveltejs/devalue/compare/v2.0.1...v5.6.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for devalue since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.12.1 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/cd24cc07ef6558b7f6510f9177f6393c91b0549f\"\u003e\u003ccode\u003ecd24cc0\u003c/code\u003e\u003c/a\u003e chore: Update TS 5.7 (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17053\"\u003e#17053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bn.js` from 4.11.9 to 5.2.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/indutny/bn.js/releases\"\u003ebn.js's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Buffer not using global in browser (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/260\"\u003e#260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: LE constructor for HEX (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.1.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for defined but not implemented Symbol.for (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/252\"\u003e#252\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.1.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix BN v5/v4 interoperability issue (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/249\"\u003e#249\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTemporary workaround for BN#_move (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/236\"\u003e#236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd eslintrc instead config in package.json (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/237\"\u003e#237\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBenchmark for BigInt (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd documentation for max/min (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate BN#inspect for Symbols (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/225\"\u003e#225\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of toArrayLike (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/222\"\u003e#222\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etemporary disable jumboMulTo in BN#mulTo (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/221\"\u003e#221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eoptimize toBitArray function (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/212\"\u003e#212\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix iaddn sign issue (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/216\"\u003e#216\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etravis: update node versions (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/205\"\u003e#205\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefactor buffer constructor (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/200\"\u003e#200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elib: fix for negative numbers: imuln, modrn, idivn (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/185\"\u003e#185\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebn: fix Red#imod (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/178\"\u003e#178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck unexpected high bits for invalid characters (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/173\"\u003e#173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocument support very large integers (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eonly define toBuffer if Buffer is defined (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/172\"\u003e#172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elib: better validation of string input (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/151\"\u003e#151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etests: reject decimal input in constructor (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/91\"\u003e#91\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebn: make .strip() an internal method (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/105\"\u003e#105\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elib: deprecate \u003ccode\u003e.modn()\u003c/code\u003e introduce \u003ccode\u003e.modrn()\u003c/code\u003e  (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/112\"\u003e#112\u003c/a\u003e \u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/129\"\u003e#129\u003c/a\u003e \u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/130\"\u003e#130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebn: don't accept invalid characters (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/141\"\u003e#141\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epackage: use \u003ccode\u003efiles\u003c/code\u003e insteadof \u003ccode\u003e.npmignore\u003c/code\u003e  (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/152\"\u003e#152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebn: improve allocation speed for buffers (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etoJSON to default to interoperable hex (length % 2) (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/164\"\u003e#164\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/indutny/bn.js/blob/master/CHANGELOG.md\"\u003ebn.js's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.2.3 / 2026-02-19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2 / 2025-04-25\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: imuln/muln with zero (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1 / 2022-02-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0 / 2021-02-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Buffer not using global in browser (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/260\"\u003e#260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix LE constructor for HEX (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.3 / 2020-08-14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for defined but not implemented Symbol.for (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/252\"\u003e#252\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.2 / 2020-05-20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix BN v5/v4 interoperability issue (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/249\"\u003e#249\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.1 / 2019-12-24\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTemporary workaround for BN#_move (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/236\"\u003e#236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd eslintrc instead config in package.json (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/237\"\u003e#237\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0 / 2019-12-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBenchmark for BigInt (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd documentation for max/min (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate BN#inspect for Symbols (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/225\"\u003e#225\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of toArrayLike (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/222\"\u003e#222\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etemporary disable jumboMulTo in BN#mulTo (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/221\"\u003e#221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eoptimize toBitArray function (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/212\"\u003e#212\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix iaddn sign issue (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/216\"\u003e#216\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.0.0 / 2019-07-04\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/ea6c072a951493ca99e5cd5f8da3851b90116271\"\u003e\u003ccode\u003eea6c072\u003c/code\u003e\u003c/a\u003e 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/33df26b5771e824f303a79ec6407409376baa64b\"\u003e\u003ccode\u003e33df26b\u003c/code\u003e\u003c/a\u003e fix imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/6db7c3818569423b94ebcf2bdff90fcfb9c47f6d\"\u003e\u003ccode\u003e6db7c38\u003c/code\u003e\u003c/a\u003e 5.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/c7e1a532566c83fd0297ff7669c227b824928bf4\"\u003e\u003ccode\u003ec7e1a53\u003c/code\u003e\u003c/a\u003e Fix imuln/muln with zero (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/4cc0bfa5195d54876a6b807827e582522c813019\"\u003e\u003ccode\u003e4cc0bfa\u003c/code\u003e\u003c/a\u003e docs: mention the max plain JS number argument value (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/307\"\u003e#307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/5df40f81ea8afb835b909bb7c21e0833cdeb6a30\"\u003e\u003ccode\u003e5df40f8\u003c/code\u003e\u003c/a\u003e Document \u003ccode\u003elength\u003c/code\u003e unit in \u003ccode\u003etoBuffer(...)\u003c/code\u003e input (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/299\"\u003e#299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/7078ea85082f2d14e6b315debec76b472b1d55fa\"\u003e\u003ccode\u003e7078ea8\u003c/code\u003e\u003c/a\u003e 5.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/042ab62e70418c15f189b45460709a51faf303cc\"\u003e\u003ccode\u003e042ab62\u003c/code\u003e\u003c/a\u003e Fix serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/db57519421f0c47c9f68c05fa6fc12273dcca2c2\"\u003e\u003ccode\u003edb57519\u003c/code\u003e\u003c/a\u003e Fix a few typos in readme (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/285\"\u003e#285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/4187ca213e91b41acf72be046072f2dc1f06d0de\"\u003e\u003ccode\u003e4187ca2\u003c/code\u003e\u003c/a\u003e readme: add Scout APM to new Sponsors section\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/indutny/bn.js/compare/v4.11.9...v5.2.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cipher-base` from 1.0.4 to 1.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md\"\u003ecipher-base's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.6...v1.0.7\"\u003ev1.0.7\u003c/a\u003e - 2025-09-24\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003eto-buffer\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/fd1e5eeafccbc8eaa827ee6b9b60c14608aa784f\"\u003e\u003ccode\u003efd1e5ee\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/08ba8034223a53d300b7dccf33d8f14e52379a34\"\u003e\u003ccode\u003e08ba803\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.5...v1.0.6\"\u003ev1.0.6\u003c/a\u003e - 2024-11-26\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] io.js 3.0 - Node.js 5.3 typed array support \u003ca href=\"https://github.com/browserify/cipher-base/commit/b7ddd2ac24e65cc47befc1e0eb5026422f8ab037\"\u003e\u003ccode\u003eb7ddd2a\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.4...v1.0.5\"\u003ev1.0.5\u003c/a\u003e - 2024-11-17\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Tests] standard -\u0026gt; eslint, make test dir, etc \u003ca href=\"https://github.com/browserify/cipher-base/commit/ae02fd6624c41ac4ac18077be797111d1955bc76\"\u003e\u003ccode\u003eae02fd6\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] migrate from travis to GHA \u003ca href=\"https://github.com/browserify/cipher-base/commit/66387d71461287ad9067bb1bcbfdc47403a33ee7\"\u003e\u003ccode\u003e66387d7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix package.json indentation \u003ca href=\"https://github.com/browserify/cipher-base/commit/5c02918ac58c875ed36913c2dc3e1043f4d1c99c\"\u003e\u003ccode\u003e5c02918\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] return valid values on multi-byte-wide TypedArray input \u003ca href=\"https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294\"\u003e\u003ccode\u003e8fd1364\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/88dc806806d3dc41444dbf639c87c00f82c949b3\"\u003e\u003ccode\u003e88dc806\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003enpmignore\u003c/code\u003e and \u003ccode\u003esafe-publish-latest\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/7a137d749ce7ea7ea56b9c096844b1b8ab723f61\"\u003e\u003ccode\u003e7a137d7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly apps should have lockfiles \u003ca href=\"https://github.com/browserify/cipher-base/commit/42528f291db16bf2e7d5f831ebe2ad87fd0b1f42\"\u003e\u003ccode\u003e42528f2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003einherits\u003c/code\u003e, \u003ccode\u003esafe-buffer\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/0e7a2d9a33a391e82fa9cf512d6e25cc91ab8613\"\u003e\u003ccode\u003e0e7a2d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add missing \u003ccode\u003eengines.node\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/f2dc13e47bbcf3c873db9a9e0f83e5f29d0783fe\"\u003e\u003ccode\u003ef2dc13e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/00567180c846dd3db3848c9223991c58a0d5490c\"\u003e\u003ccode\u003e0056718\u003c/code\u003e\u003c/a\u003e v1.0.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/fd1e5eeafccbc8eaa827ee6b9b60c14608aa784f\"\u003e\u003ccode\u003efd1e5ee\u003c/code\u003e\u003c/a\u003e [Refactor] use \u003ccode\u003eto-buffer\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/08ba8034223a53d300b7dccf33d8f14e52379a34\"\u003e\u003ccode\u003e08ba803\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/f5249f94611506ef35a8be4d48a3fc5ecf1fac63\"\u003e\u003ccode\u003ef5249f9\u003c/code\u003e\u003c/a\u003e v1.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/b7ddd2ac24e65cc47befc1e0eb5026422f8ab037\"\u003e\u003ccode\u003eb7ddd2a\u003c/code\u003e\u003c/a\u003e [Fix] io.js 3.0 - Node.js 5.3 typed array support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/f03cebfdad1cba1d56614c58affa303b0fa2a43e\"\u003e\u003ccode\u003ef03cebf\u003c/code\u003e\u003c/a\u003e v1.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/88dc806806d3dc41444dbf639c87c00f82c949b3\"\u003e\u003ccode\u003e88dc806\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/7a137d749ce7ea7ea56b9c096844b1b8ab723f61\"\u003e\u003ccode\u003e7a137d7\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003enpmignore\u003c/code\u003e and \u003ccode\u003esafe-publish-latest\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/5c02918ac58c875ed36913c2dc3e1043f4d1c99c\"\u003e\u003ccode\u003e5c02918\u003c/code\u003e\u003c/a\u003e [meta] fix package.json indentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294\"\u003e\u003ccode\u003e8fd1364\u003c/code\u003e\u003c/a\u003e [Fix] return valid values on multi-byte-wide TypedArray input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/crypto-browserify/cipher-base/compare/v1.0.4...v1.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ljharb\"\u003eljharb\u003c/a\u003e, a new releaser for cipher-base since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.9.0 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.9.0...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.5.3 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.gi...\n\n_Description has been truncated_","html_url":"https://github.com/Surfndez/next.js/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Surfndez%2Fnext.js/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"}},{"old_version":"3.2.2","new_version":"3.2.3","update_type":"patch","path":null,"pr_created_at":"2026-05-14T17:14:13.000Z","version_change":"3.2.2 → 3.2.3","issue":{"uuid":"4447841666","node_id":"PR_kwDOGn7O-c7bnFib","number":12,"state":"closed","title":"Bump the npm_and_yarn group across 9 directories with 20 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-14T17:50:34.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-14T17:14:13.000Z","updated_at":"2026-05-14T17:50:36.000Z","time_to_close":2181,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":20,"packages":[{"name":"express","old_version":"4.17.0","new_version":"4.22.0","repository_url":"https://github.com/expressjs/express"},{"name":"minimatch","old_version":"3.0.4","new_version":"3.1.4","repository_url":"https://github.com/isaacs/minimatch"},{"name":"tar","old_version":"4.4.10","new_version":"7.5.11","repository_url":"https://github.com/isaacs/node-tar"},{"name":"devalue","old_version":"2.0.1","new_version":"5.6.4","repository_url":"https://github.com/sveltejs/devalue"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.12.1","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"bn.js","old_version":"4.11.9","new_version":"5.2.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"cipher-base","old_version":"1.0.4","new_version":"1.0.7","repository_url":"https://github.com/crypto-browserify/cipher-base"},{"name":"flatted","old_version":"3.1.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.9.0","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"handlebars","old_version":"4.7.6","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"js-yaml","old_version":"3.13.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"pbkdf2","old_version":"3.1.1","new_version":"3.1.5","repository_url":"https://github.com/browserify/pbkdf2"},{"name":"rollup","old_version":"2.35.1","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"serialize-javascript","old_version":"3.1.0","new_version":"6.0.2","repository_url":"https://github.com/yahoo/serialize-javascript"},{"name":"sha.js","old_version":"2.4.11","new_version":"2.4.12","repository_url":"https://github.com/crypto-browserify/sha.js"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 16 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [express](https://github.com/expressjs/express) | `4.17.0` | `4.22.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.4` |\n| [tar](https://github.com/isaacs/node-tar) | `4.4.10` | `7.5.11` |\n| [devalue](https://github.com/sveltejs/devalue) | `2.0.1` | `5.6.4` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.12.1` | `7.29.4` |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `5.2.3` |\n| [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.1.1` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.9.0` | `1.16.0` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.6` | `4.7.9` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.13.1` | `3.14.2` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [pbkdf2](https://github.com/browserify/pbkdf2) | `3.1.1` | `3.1.5` |\n| [rollup](https://github.com/rollup/rollup) | `2.35.1` | `2.80.0` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `3.1.0` | `6.0.2` |\n| [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` |\n\nBumps the npm_and_yarn group with 1 update in the /examples/auth-with-stytch directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/blog-with-comment directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/styled-jsx-with-csp directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/using-preact directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-aws-amplify-typescript directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-i18n-next-intl directory: [next-intl](https://github.com/amannn/next-intl).\nBumps the npm_and_yarn group with 1 update in the /examples/with-nhost-auth-realtime-graphql directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /examples/with-paste-typescript directory: [next](https://github.com/vercel/next.js).\n\nUpdates `express` from 4.17.0 to 4.22.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/releases\"\u003eexpress's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.22.0\u003c/h2\u003e\n\u003ch2\u003eImportant: Security\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor: improve readability by \u003ca href=\"https://github.com/sazk07\"\u003e\u003ccode\u003e@​sazk07\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6190\"\u003eexpressjs/express#6190\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add support for Node.js@23.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6080\"\u003eexpressjs/express#6080\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMethod functions with no path should error by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5957\"\u003eexpressjs/express#5957\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: updated github actions ci workflow by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6323\"\u003eexpressjs/express#6323\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: reorder \u003ccode\u003enpm i\u003c/code\u003e steps to fix ci for older node versions by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6336\"\u003eexpressjs/express#6336\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport: ci: add node.js 24 to test matrix by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6506\"\u003eexpressjs/express#6506\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(4.x): wider range for query test skip by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6513\"\u003eexpressjs/express#6513\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse tilde notation for certain dependencies by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6905\"\u003eexpressjs/express#6905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6909\"\u003eexpressjs/express#6909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for \u003ccode\u003eqs\u003c/code\u003e by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6919\"\u003eexpressjs/express#6919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.22.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6921\"\u003eexpressjs/express#6921\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.2...4.22.0\"\u003ehttps://github.com/expressjs/express/compare/4.21.2...4.22.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd funding field (v4) by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6065\"\u003eexpressjs/express#6065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.11 by \u003ca href=\"https://github.com/blakeembrey\"\u003e\u003ccode\u003e@​blakeembrey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5956\"\u003eexpressjs/express#5956\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: bump path-to-regexp@0.1.12 by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6209\"\u003eexpressjs/express#6209\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.21.2 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6094\"\u003eexpressjs/express#6094\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.1...4.21.2\"\u003ehttps://github.com/expressjs/express/compare/4.21.1...4.21.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport a fix for CVE-2024-47764 to the 4.x branch by \u003ca href=\"https://github.com/joshbuker\"\u003e\u003ccode\u003e@​joshbuker\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6029\"\u003eexpressjs/express#6029\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 4.21.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/6031\"\u003eexpressjs/express#6031\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/express/compare/4.21.0...4.21.1\"\u003ehttps://github.com/expressjs/express/compare/4.21.0...4.21.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.21.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003e\u0026quot;back\u0026quot;\u003c/code\u003e magic string in redirects by \u003ca href=\"https://github.com/blakeembrey\"\u003e\u003ccode\u003e@​blakeembrey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5935\"\u003eexpressjs/express#5935\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efinalhandler@1.3.1 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5954\"\u003eexpressjs/express#5954\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): serve-static@1.16.2 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5951\"\u003eexpressjs/express#5951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgraded dependency qs to 6.13.0 to match qs in body-parser by \u003ca href=\"https://github.com/agadzinski93\"\u003e\u003ccode\u003e@​agadzinski93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5946\"\u003eexpressjs/express#5946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agadzinski93\"\u003e\u003ccode\u003e@​agadzinski93\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/express/pull/5946\"\u003eexpressjs/express#5946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/express/blob/4.22.0/History.md\"\u003eexpress's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.22.0 / 2025-12-01\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51999\"\u003eCVE-2024-51999\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6\"\u003eGHSA-pj86-cfqh-vqx6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for dependencies\u003c/li\u003e\n\u003cli\u003edeps: qs@6.14.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.2 / 2024-11-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.12\n\u003cul\u003e\n\u003cli\u003eFix backtracking protection\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.11\n\u003cul\u003e\n\u003cli\u003eThrows an error on invalid path values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.1 / 2024-10-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBackported a fix for \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2024-47764\"\u003eCVE-2024-47764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.21.0 / 2024-09-11\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eres.location(\u0026quot;back\u0026quot;)\u003c/code\u003e and \u003ccode\u003eres.redirect(\u0026quot;back\u0026quot;)\u003c/code\u003e magic string\u003c/li\u003e\n\u003cli\u003edeps: serve-static@1.16.2\n\u003cul\u003e\n\u003cli\u003eincludes send@0.19.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: finalhandler@1.3.1\u003c/li\u003e\n\u003cli\u003edeps: qs@6.13.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.20.0 / 2024-09-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: serve-static@0.16.0\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: send@0.19.0\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: body-parser@0.6.0\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003edepth\u003c/code\u003e option to customize the depth level in the parser\u003c/li\u003e\n\u003cli\u003eIMPORTANT: The default \u003ccode\u003edepth\u003c/code\u003e level for parsing URL-encoded data is now \u003ccode\u003e32\u003c/code\u003e (previously was \u003ccode\u003eInfinity\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove link renderization in html while using \u003ccode\u003eres.redirect\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edeps: path-to-regexp@0.1.10\n\u003cul\u003e\n\u003cli\u003eAdds support for named matching groups in the routes using a regex\u003c/li\u003e\n\u003cli\u003eAdds backtracking protection to parameters without regexes defined\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: encodeurl@~2.0.0\n\u003cul\u003e\n\u003cli\u003eRemoves encoding of \u003ccode\u003e\\\u003c/code\u003e, \u003ccode\u003e|\u003c/code\u003e, and \u003ccode\u003e^\u003c/code\u003e to align better with URL spec\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDeprecate passing \u003ccode\u003eoptions.maxAge\u003c/code\u003e and \u003ccode\u003eoptions.expires\u003c/code\u003e to \u003ccode\u003eres.clearCookie\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eWill be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.19.2 / 2024-03-25\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/49744abd1120484fe64d7bde1cd3197c32523b6e\"\u003e\u003ccode\u003e49744ab\u003c/code\u003e\u003c/a\u003e 4.22.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6921\"\u003e#6921\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/6e97452f600a3b01719fbc5517d833c7646b0bb7\"\u003e\u003ccode\u003e6e97452\u003c/code\u003e\u003c/a\u003e sec: security patch for CVE-2024-51999\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/6a23d34d652b9e69a4486d2a2a0dea54b9685fa5\"\u003e\u003ccode\u003e6a23d34\u003c/code\u003e\u003c/a\u003e deps: use tilde notation for \u003ccode\u003eqs\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6919\"\u003e#6919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/8c12cdf93b89a4628b59179e3cc0722fc517d6b3\"\u003e\u003ccode\u003e8c12cdf\u003c/code\u003e\u003c/a\u003e deps: qs@6.14.0 (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6909\"\u003e#6909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/7fea74fcf02764580f38f2a7f1932dfa54cddd90\"\u003e\u003ccode\u003e7fea74f\u003c/code\u003e\u003c/a\u003e deps: use tilde notation for certain dependencies (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6905\"\u003e#6905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/dac7a0475a99e9dfc57b3b8e6d5bdf52813f1944\"\u003e\u003ccode\u003edac7a04\u003c/code\u003e\u003c/a\u003e chore: wider range for query test skip (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6513\"\u003e#6513\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/997919b48879bbd53171c3b4e5dd1b04ad139241\"\u003e\u003ccode\u003e997919b\u003c/code\u003e\u003c/a\u003e ci: add node.js 24 to test matrix (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6506\"\u003e#6506\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/36fb59c6c7d9dfca0b08dfeafb5b6e4a249234a1\"\u003e\u003ccode\u003e36fb59c\u003c/code\u003e\u003c/a\u003e fix(ci): reorder \u003ccode\u003enpm i\u003c/code\u003e steps to fix ci for older node versions (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6336\"\u003e#6336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/3a5edfaff06f1a2c7079b08d0635108b371eddfd\"\u003e\u003ccode\u003e3a5edfa\u003c/code\u003e\u003c/a\u003e fix(ci): updated github actions ci workflow (\u003ca href=\"https://redirect.github.com/expressjs/express/issues/6323\"\u003e#6323\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/express/commit/52d978119a7af27667cce5d99ac0739dc269d818\"\u003e\u003ccode\u003e52d9781\u003c/code\u003e\u003c/a\u003e fix(test): add test for method routes without paths \u003ca href=\"https://redirect.github.com/expressjs/express/issues/5955\"\u003e#5955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/express/compare/4.17.0...4.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for express since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.0.4 to 3.1.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9c31b2d4e0af72a6c2d2d62c5dbc2247da669802\"\u003e\u003ccode\u003e9c31b2d\u003c/code\u003e\u003c/a\u003e update test expectations for coalesced consecutive stars\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/46fe687857cf02f6cf45469cc593b97e11b10c96\"\u003e\u003ccode\u003e46fe687\u003c/code\u003e\u003c/a\u003e coalesce consecutive non-globstar * characters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/5a9ccbda64befc5d94b965534dbea2853c92aebd\"\u003e\u003ccode\u003e5a9ccbd\u003c/code\u003e\u003c/a\u003e [meta] update publishConfig.tag to legacy-v3\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tar` from 4.4.10 to 7.5.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/node-tar/releases\"\u003etar's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.13\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-tar/compare/v6.1.12...v6.1.13\"\u003e6.1.13\u003c/a\u003e (2022-12-07)\u003c/h2\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/cc4e0ddfe523a0bce383846a67442c637a65d486\"\u003e\u003ccode\u003ecc4e0dd\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/343\"\u003e#343\u003c/a\u003e bump minipass from 3.3.6 to 4.0.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.12\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-tar/compare/v6.1.11...v6.1.12\"\u003e6.1.12\u003c/a\u003e (2022-10-31)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/57493ee66ece50d62114e02914282fc37be3a91a\"\u003e\u003ccode\u003e57493ee\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/332\"\u003e#332\u003c/a\u003e ensuring close event is emited after stream has ended (\u003ca href=\"https://github.com/webark\"\u003e\u003ccode\u003e@​webark\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/b003c64f624332e24e19b30dc011069bb6708680\"\u003e\u003ccode\u003eb003c64\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/314\"\u003e#314\u003c/a\u003e replace deprecated String.prototype.substr() (\u003ca href=\"https://redirect.github.com/isaacs/node-tar/issues/314\"\u003e#314\u003c/a\u003e) (\u003ca href=\"https://github.com/CommanderRoot\"\u003e\u003ccode\u003e@​CommanderRoot\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukekarrys\"\u003e\u003ccode\u003e@​lukekarrys\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/f12992932f171ea248b27fad95e7d489a56d31ed\"\u003e\u003ccode\u003ef129929\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-tar/pull/313\"\u003e#313\u003c/a\u003e remove dead link to benchmarks (\u003ca href=\"https://redirect.github.com/isaacs/node-tar/issues/313\"\u003e#313\u003c/a\u003e) (\u003ca href=\"https://github.com/yetzt\"\u003e\u003ccode\u003e@​yetzt\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-tar/commit/c1faa9f44001dfb0bc7638b2850eb6058bd56a4a\"\u003e\u003ccode\u003ec1faa9f\u003c/code\u003e\u003c/a\u003e add examples/explanation of using tar.t (\u003ca href=\"https://github.com/isaacs\"\u003e\u003ccode\u003e@​isaacs\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md\"\u003etar's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e7.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003ezstd\u003c/code\u003e compression support.\u003c/li\u003e\n\u003cli\u003eConsistent TOCTOU behavior in sync t.list\u003c/li\u003e\n\u003cli\u003eOnly read from ustar block if not specified in Pax\u003c/li\u003e\n\u003cli\u003eFix sync tar.list when file size reduces while reading\u003c/li\u003e\n\u003cli\u003eSanitize absolute linkpaths properly\u003c/li\u003e\n\u003cli\u003ePrevent writing hardlink entries to the archive ahead of their\nfile target\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eonentry\u003c/code\u003e in favor of \u003ccode\u003eonReadEntry\u003c/code\u003e for clarity.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eonWriteEntry\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDRY the command definitions into a single \u003ccode\u003emakeCommand\u003c/code\u003e method,\nand update the type signatures to more appropriately infer the\nreturn type from the options and arguments provided.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate minipass to v7.1.0\u003c/li\u003e\n\u003cli\u003eUpdate the type definitions of \u003ccode\u003ewrite()\u003c/code\u003e and \u003ccode\u003eend()\u003c/code\u003e methods on\n\u003ccode\u003eUnpack\u003c/code\u003e and \u003ccode\u003eParser\u003c/code\u003e classes to be compatible with the\nNodeJS.WritableStream type in the latest versions of\n\u003ccode\u003e@types/node\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for node \u0026lt;18\u003c/li\u003e\n\u003cli\u003eRewrite in TypeScript, provide ESM and CommonJS hybrid\ninterface\u003c/li\u003e\n\u003cli\u003eAdd tree-shake friendly exports, like \u003ccode\u003eimport('tar/create')\u003c/code\u003e\nand \u003ccode\u003eimport('tar/read-entry')\u003c/code\u003e to get individual functions or\nclasses.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003echmod\u003c/code\u003e option that defaults to false, and deprecate\n\u003ccode\u003enoChmod\u003c/code\u003e. That is, reverse the default option regarding\nexplicitly setting file system modes to match tar entry\nsettings.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eprocessUmask\u003c/code\u003e option to avoid having to call\n\u003ccode\u003eprocess.umask()\u003c/code\u003e when \u003ccode\u003echmod: true\u003c/code\u003e (or \u003ccode\u003enoChmod: false\u003c/code\u003e) is\nset.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/bf776f673164215074b62749e0fe80e5834588f4\"\u003e\u003ccode\u003ebf776f6\u003c/code\u003e\u003c/a\u003e 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad\"\u003e\u003ccode\u003ef48b5fa\u003c/code\u003e\u003c/a\u003e prevent escaping symlinks with drive-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/97cff15d3539a37a4095eb3d287147d9d77c2dc3\"\u003e\u003ccode\u003e97cff15\u003c/code\u003e\u003c/a\u003e docs: more security info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1\"\u003e\u003ccode\u003e2b72abc\u003c/code\u003e\u003c/a\u003e 7.5.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f\"\u003e\u003ccode\u003e7bc755d\u003c/code\u003e\u003c/a\u003e parse root off paths before sanitizing .. parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/c8cb84629dee649feedde03f2f4ea48f2e44e778\"\u003e\u003ccode\u003ec8cb846\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/1f0c2c9006b10199cf2686f8ef43e79a1773e1aa\"\u003e\u003ccode\u003e1f0c2c9\u003c/code\u003e\u003c/a\u003e 7.5.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/fbb08518bf290733b68ca4d4135f75becf73fd75\"\u003e\u003ccode\u003efbb0851\u003c/code\u003e\u003c/a\u003e build minified version as default export\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/6b8eba0ef367ac937e703238daa6df94ae6f823f\"\u003e\u003ccode\u003e6b8eba0\u003c/code\u003e\u003c/a\u003e 7.5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384\"\u003e\u003ccode\u003e2cb1120\u003c/code\u003e\u003c/a\u003e fix(unpack): improve UnpackSync symlink error \u0026quot;into\u0026quot; path accuracy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/node-tar/compare/v4.4.10...v7.5.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~isaacs\"\u003eisaacs\u003c/a\u003e, a new releaser for tar since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `devalue` from 2.0.1 to 5.6.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/devalue/releases\"\u003edevalue's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.6.4\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: reject \u003ccode\u003e__proto__\u003c/code\u003e keys in malformed \u003ccode\u003eObject\u003c/code\u003e wrapper payloads\u003c/p\u003e\n\u003cp\u003eThis validates the \u003ccode\u003e\u0026quot;Object\u0026quot;\u003c/code\u003e parse path and throws when the wrapped value has an own \u003ccode\u003e__proto__\u003c/code\u003e key.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e40f1db1: fix: ensure sparse array indices are integers\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: disallow \u003ccode\u003e__proto__\u003c/code\u003e keys in null-prototype object parsing\u003c/p\u003e\n\u003cp\u003eThis disallows \u003ccode\u003e__proto__\u003c/code\u003e keys in the \u003ccode\u003e\u0026quot;null\u0026quot;\u003c/code\u003e parse path so null-prototype object hydration cannot carry that key through parse/unflatten.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0f04d4d: fix: Properly handle \u003ccode\u003e__proto__\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e819f1ac: fix: better encoding for sparse arrays\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1175584: fix: validate input for \u003ccode\u003eArrayBuffer\u003c/code\u003e parsing\u003c/li\u003e\n\u003cli\u003ee46afa6: fix: validate input for typed arrays\u003c/li\u003e\n\u003cli\u003e1175584: fix: more helpful errors for inputs causing stack overflows\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2161d44: fix: add hasOwn check before calling reviver\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.6.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea3d09d4: feat: expose \u003ccode\u003eDevalueError\u003c/code\u003e for \u003ccode\u003einstanceof\u003c/code\u003e checks in \u003ccode\u003ecatch\u003c/code\u003e clauses\u003c/li\u003e\n\u003cli\u003ea3d09d4: feat: add \u003ccode\u003evalue\u003c/code\u003e and \u003ccode\u003eroot\u003c/code\u003e properties in \u003ccode\u003eDevalueError\u003c/code\u003e instances\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.5.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e828fa1c: Enable support for custom reducer/reviver for \u0026quot;function\u0026quot; values\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.4.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.4.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md\"\u003edevalue's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.6.4\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: reject \u003ccode\u003e__proto__\u003c/code\u003e keys in malformed \u003ccode\u003eObject\u003c/code\u003e wrapper payloads\u003c/p\u003e\n\u003cp\u003eThis validates the \u003ccode\u003e\u0026quot;Object\u0026quot;\u003c/code\u003e parse path and throws when the wrapped value has an own \u003ccode\u003e__proto__\u003c/code\u003e key.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e40f1db1: fix: ensure sparse array indices are integers\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e87c1f3c: fix: disallow \u003ccode\u003e__proto__\u003c/code\u003e keys in null-prototype object parsing\u003c/p\u003e\n\u003cp\u003eThis disallows \u003ccode\u003e__proto__\u003c/code\u003e keys in the \u003ccode\u003e\u0026quot;null\u0026quot;\u003c/code\u003e parse path so null-prototype object hydration cannot carry that key through parse/unflatten.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0f04d4d: fix: Properly handle \u003ccode\u003e__proto__\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e819f1ac: fix: better encoding for sparse arrays\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1175584: fix: validate input for \u003ccode\u003eArrayBuffer\u003c/code\u003e parsing\u003c/li\u003e\n\u003cli\u003ee46afa6: fix: validate input for typed arrays\u003c/li\u003e\n\u003cli\u003e1175584: fix: more helpful errors for inputs causing stack overflows\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2161d44: fix: add hasOwn check before calling reviver\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea3d09d4: feat: expose \u003ccode\u003eDevalueError\u003c/code\u003e for \u003ccode\u003einstanceof\u003c/code\u003e checks in \u003ccode\u003ecatch\u003c/code\u003e clauses\u003c/li\u003e\n\u003cli\u003ea3d09d4: feat: add \u003ccode\u003evalue\u003c/code\u003e and \u003ccode\u003eroot\u003c/code\u003e properties in \u003ccode\u003eDevalueError\u003c/code\u003e instances\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.5.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e828fa1c: Enable support for custom reducer/reviver for \u0026quot;function\u0026quot; values\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.4.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/6cbb3f51258e01d7769e2b3d77b6ce9ed060804b\"\u003e\u003ccode\u003e6cbb3f5\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/133\"\u003e#133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/40f1db13afdd65c8e2ebd02f684276c273ef81b0\"\u003e\u003ccode\u003e40f1db1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/87c1f3ce3759765a061cfe34843ecc4b0711ba8d\"\u003e\u003ccode\u003e87c1f3c\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/a4a37d208a4d1bdd0d58c82e5644c87cab855259\"\u003e\u003ccode\u003ea4a37d2\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/132\"\u003e#132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/819f1ac7475ab37547645cfb09bf2f678a799cf0\"\u003e\u003ccode\u003e819f1ac\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/0f04d4d678eac39ad5d7a07d1956275d7874e81c\"\u003e\u003ccode\u003e0f04d4d\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/fcf4e88275f2e2e45b9ea70ffaa5247c8f55f057\"\u003e\u003ccode\u003efcf4e88\u003c/code\u003e\u003c/a\u003e fix tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/1d8a5ea5863bcd9992755ce5a3842265753cb4ab\"\u003e\u003ccode\u003e1d8a5ea\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/sveltejs/devalue/issues/131\"\u003e#131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/11755849fa0634ae294a15ec0aef2f43efcad7c4\"\u003e\u003ccode\u003e1175584\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/devalue/commit/e46afa64dd2b25aa35fb905ba5d20cea63aabbf7\"\u003e\u003ccode\u003ee46afa6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sveltejs/devalue/compare/v2.0.1...v5.6.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for devalue since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.12.1 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/cd24cc07ef6558b7f6510f9177f6393c91b0549f\"\u003e\u003ccode\u003ecd24cc0\u003c/code\u003e\u003c/a\u003e chore: Update TS 5.7 (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17053\"\u003e#17053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bn.js` from 4.11.9 to 5.2.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/indutny/bn.js/releases\"\u003ebn.js's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Buffer not using global in browser (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/260\"\u003e#260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: LE constructor for HEX (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.1.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for defined but not implemented Symbol.for (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/252\"\u003e#252\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.1.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix BN v5/v4 interoperability issue (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/249\"\u003e#249\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTemporary workaround for BN#_move (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/236\"\u003e#236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd eslintrc instead config in package.json (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/237\"\u003e#237\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBenchmark for BigInt (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd documentation for max/min (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate BN#inspect for Symbols (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/225\"\u003e#225\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of toArrayLike (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/222\"\u003e#222\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etemporary disable jumboMulTo in BN#mulTo (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/221\"\u003e#221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eoptimize toBitArray function (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/212\"\u003e#212\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix iaddn sign issue (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/216\"\u003e#216\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etravis: update node versions (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/205\"\u003e#205\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefactor buffer constructor (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/200\"\u003e#200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elib: fix for negative numbers: imuln, modrn, idivn (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/185\"\u003e#185\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebn: fix Red#imod (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/178\"\u003e#178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck unexpected high bits for invalid characters (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/173\"\u003e#173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocument support very large integers (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eonly define toBuffer if Buffer is defined (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/172\"\u003e#172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elib: better validation of string input (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/151\"\u003e#151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etests: reject decimal input in constructor (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/91\"\u003e#91\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebn: make .strip() an internal method (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/105\"\u003e#105\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elib: deprecate \u003ccode\u003e.modn()\u003c/code\u003e introduce \u003ccode\u003e.modrn()\u003c/code\u003e  (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/112\"\u003e#112\u003c/a\u003e \u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/129\"\u003e#129\u003c/a\u003e \u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/130\"\u003e#130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebn: don't accept invalid characters (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/141\"\u003e#141\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epackage: use \u003ccode\u003efiles\u003c/code\u003e insteadof \u003ccode\u003e.npmignore\u003c/code\u003e  (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/152\"\u003e#152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebn: improve allocation speed for buffers (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etoJSON to default to interoperable hex (length % 2) (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/164\"\u003e#164\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/indutny/bn.js/blob/master/CHANGELOG.md\"\u003ebn.js's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.2.3 / 2026-02-19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2 / 2025-04-25\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: imuln/muln with zero (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1 / 2022-02-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0 / 2021-02-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Buffer not using global in browser (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/260\"\u003e#260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix LE constructor for HEX (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.3 / 2020-08-14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for defined but not implemented Symbol.for (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/252\"\u003e#252\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.2 / 2020-05-20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix BN v5/v4 interoperability issue (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/249\"\u003e#249\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.1 / 2019-12-24\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTemporary workaround for BN#_move (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/236\"\u003e#236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd eslintrc instead config in package.json (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/237\"\u003e#237\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0 / 2019-12-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBenchmark for BigInt (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd documentation for max/min (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate BN#inspect for Symbols (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/225\"\u003e#225\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of toArrayLike (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/222\"\u003e#222\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etemporary disable jumboMulTo in BN#mulTo (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/221\"\u003e#221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eoptimize toBitArray function (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/212\"\u003e#212\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix iaddn sign issue (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/216\"\u003e#216\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.0.0 / 2019-07-04\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/ea6c072a951493ca99e5cd5f8da3851b90116271\"\u003e\u003ccode\u003eea6c072\u003c/code\u003e\u003c/a\u003e 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/33df26b5771e824f303a79ec6407409376baa64b\"\u003e\u003ccode\u003e33df26b\u003c/code\u003e\u003c/a\u003e fix imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/6db7c3818569423b94ebcf2bdff90fcfb9c47f6d\"\u003e\u003ccode\u003e6db7c38\u003c/code\u003e\u003c/a\u003e 5.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/c7e1a532566c83fd0297ff7669c227b824928bf4\"\u003e\u003ccode\u003ec7e1a53\u003c/code\u003e\u003c/a\u003e Fix imuln/muln with zero (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/4cc0bfa5195d54876a6b807827e582522c813019\"\u003e\u003ccode\u003e4cc0bfa\u003c/code\u003e\u003c/a\u003e docs: mention the max plain JS number argument value (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/307\"\u003e#307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/5df40f81ea8afb835b909bb7c21e0833cdeb6a30\"\u003e\u003ccode\u003e5df40f8\u003c/code\u003e\u003c/a\u003e Document \u003ccode\u003elength\u003c/code\u003e unit in \u003ccode\u003etoBuffer(...)\u003c/code\u003e input (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/299\"\u003e#299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/7078ea85082f2d14e6b315debec76b472b1d55fa\"\u003e\u003ccode\u003e7078ea8\u003c/code\u003e\u003c/a\u003e 5.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/042ab62e70418c15f189b45460709a51faf303cc\"\u003e\u003ccode\u003e042ab62\u003c/code\u003e\u003c/a\u003e Fix serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/db57519421f0c47c9f68c05fa6fc12273dcca2c2\"\u003e\u003ccode\u003edb57519\u003c/code\u003e\u003c/a\u003e Fix a few typos in readme (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/285\"\u003e#285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/4187ca213e91b41acf72be046072f2dc1f06d0de\"\u003e\u003ccode\u003e4187ca2\u003c/code\u003e\u003c/a\u003e readme: add Scout APM to new Sponsors section\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/indutny/bn.js/compare/v4.11.9...v5.2.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cipher-base` from 1.0.4 to 1.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md\"\u003ecipher-base's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.6...v1.0.7\"\u003ev1.0.7\u003c/a\u003e - 2025-09-24\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003eto-buffer\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/fd1e5eeafccbc8eaa827ee6b9b60c14608aa784f\"\u003e\u003ccode\u003efd1e5ee\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/08ba8034223a53d300b7dccf33d8f14e52379a34\"\u003e\u003ccode\u003e08ba803\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.5...v1.0.6\"\u003ev1.0.6\u003c/a\u003e - 2024-11-26\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] io.js 3.0 - Node.js 5.3 typed array support \u003ca href=\"https://github.com/browserify/cipher-base/commit/b7ddd2ac24e65cc47befc1e0eb5026422f8ab037\"\u003e\u003ccode\u003eb7ddd2a\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.4...v1.0.5\"\u003ev1.0.5\u003c/a\u003e - 2024-11-17\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Tests] standard -\u0026gt; eslint, make test dir, etc \u003ca href=\"https://github.com/browserify/cipher-base/commit/ae02fd6624c41ac4ac18077be797111d1955bc76\"\u003e\u003ccode\u003eae02fd6\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] migrate from travis to GHA \u003ca href=\"https://github.com/browserify/cipher-base/commit/66387d71461287ad9067bb1bcbfdc47403a33ee7\"\u003e\u003ccode\u003e66387d7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix package.json indentation \u003ca href=\"https://github.com/browserify/cipher-base/commit/5c02918ac58c875ed36913c2dc3e1043f4d1c99c\"\u003e\u003ccode\u003e5c02918\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] return valid values on multi-byte-wide TypedArray input \u003ca href=\"https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294\"\u003e\u003ccode\u003e8fd1364\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/88dc806806d3dc41444dbf639c87c00f82c949b3\"\u003e\u003ccode\u003e88dc806\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003enpmignore\u003c/code\u003e and \u003ccode\u003esafe-publish-latest\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/7a137d749ce7ea7ea56b9c096844b1b8ab723f61\"\u003e\u003ccode\u003e7a137d7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly apps should have lockfiles \u003ca href=\"https://github.com/browserify/cipher-base/commit/42528f291db16bf2e7d5f831ebe2ad87fd0b1f42\"\u003e\u003ccode\u003e42528f2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003einherits\u003c/code\u003e, \u003ccode\u003esafe-buffer\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/0e7a2d9a33a391e82fa9cf512d6e25cc91ab8613\"\u003e\u003ccode\u003e0e7a2d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add missing \u003ccode\u003eengines.node\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/f2dc13e47bbcf3c873db9a9e0f83e5f29d0783fe\"\u003e\u003ccode\u003ef2dc13e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/00567180c846dd3db3848c9223991c58a0d5490c\"\u003e\u003ccode\u003e0056718\u003c/code\u003e\u003c/a\u003e v1.0.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/fd1e5eeafccbc8eaa827ee6b9b60c14608aa784f\"\u003e\u003ccode\u003efd1e5ee\u003c/code\u003e\u003c/a\u003e [Refactor] use \u003ccode\u003eto-buffer\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/08ba8034223a53d300b7dccf33d8f14e52379a34\"\u003e\u003ccode\u003e08ba803\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/f5249f94611506ef35a8be4d48a3fc5ecf1fac63\"\u003e\u003ccode\u003ef5249f9\u003c/code\u003e\u003c/a\u003e v1.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/b7ddd2ac24e65cc47befc1e0eb5026422f8ab037\"\u003e\u003ccode\u003eb7ddd2a\u003c/code\u003e\u003c/a\u003e [Fix] io.js 3.0 - Node.js 5.3 typed array support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/f03cebfdad1cba1d56614c58affa303b0fa2a43e\"\u003e\u003ccode\u003ef03cebf\u003c/code\u003e\u003c/a\u003e v1.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/88dc806806d3dc41444dbf639c87c00f82c949b3\"\u003e\u003ccode\u003e88dc806\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/7a137d749ce7ea7ea56b9c096844b1b8ab723f61\"\u003e\u003ccode\u003e7a137d7\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003enpmignore\u003c/code\u003e and \u003ccode\u003esafe-publish-latest\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/5c02918ac58c875ed36913c2dc3e1043f4d1c99c\"\u003e\u003ccode\u003e5c02918\u003c/code\u003e\u003c/a\u003e [meta] fix package.json indentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294\"\u003e\u003ccode\u003e8fd1364\u003c/code\u003e\u003c/a\u003e [Fix] return valid values on multi-byte-wide TypedArray input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/crypto-browserify/cipher-base/compare/v1.0.4...v1.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ljharb\"\u003eljharb\u003c/a\u003e, a new releaser for cipher-base since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.1.1 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.1.1...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.9.0 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.9.0...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.6 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776\"\u003e#1776\u003c/a\u003e) - 2954e7e\u003c/li\u003e\n\u003cli\u003eFix compiling of each block params in strict mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855\"\u003e#1855\u003c/a\u003e) - 30dbf04\u003c/li\u003e\n\u003cli\u003eFix rollup warning when importing Handlebars as ESM - 03d387b\u003c/li\u003e\n\u003cli\u003eFix bundler issue with webpack 5 (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862\"\u003e#1862\u003c/a\u003e) - c6c6bbb\u003c/li\u003e\n\u003cli\u003eUse https instead of git for mustache submodule - 88ac068\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.8\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8 - July 27th, 2023\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776\"\u003e#1776\u003c/a\u003e) - 2954e7e\u003c/li\u003e\n\u003cli\u003eFix compiling of each block params in strict mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855\"\u003e#1855\u003c/a\u003e) - 30dbf04\u003c/li\u003e\n\u003cli\u003eFix rollup warning when importing Handlebars as ESM - 03d387b\u003c/li\u003e\n\u003cli\u003eFix bundler issue with webpack 5 (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862\"\u003e#1862\u003c/a\u003e) - c6c6bbb\u003c/li\u003e\n\u003cli\u003eUse https instead of git for mustache submodule - 88ac068\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.8\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.7 - February 15th, 2021\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix weird error in integration tests - eb860c0\u003c/li\u003e\n\u003cli\u003efix: check prototype property access in strict-mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1736\"\u003e#1736\u003c/a\u003e) - b6d3de7\u003c/li\u003e\n\u003cli\u003efix: escape property names in compat mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1736\"\u003e#1736\u003c/a\u003e) - f058970\u003c/li\u003e\n\u003cli\u003erefactor: In spec tests, use expectTemplate over equals and shouldThrow (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1683\"\u003e#1683\u003c/a\u003e) - 77825f8\u003c/li\u003e\n\u003cli\u003echore: start testing on Node.js 12 and 13 - 3789a30\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e(POSSIBLY) BREAKING CHANGES:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ethe changes from version \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md#v460---january-8th-2020\"\u003e4.6.0\u003c/a\u003e now also apply\nin when using the compile-option \u0026quot;strict: true\u0026quot;. Access to prototype properties is forbidden completely by default, specific properties or methods\ncan be allowed via runtime-options. See \u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1633\"\u003e#1633\u003c/a\u003e for details. If you are using Handlebars as documented, you should not be accessing prototype properties\nfrom your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThat is why we only bump the patch version despite mentioning breaking changes.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/wycats/handlebars.js/compare/v4.7.6...v4.7.7\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb\"\u003e\u003ccode\u003edce542c\u003c/code\u003e\u003c/a\u003e v4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562\"\u003e\u003ccode\u003e8a41389\u003c/code\u003e\u003c/a\u003e Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2\"\u003e\u003ccode\u003e68d8df5\u003c/code\u003e\u003c/a\u003e Fix security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328\"\u003e\u003ccode\u003eb2a0831\u003c/code\u003e\u003c/a\u003e Fix browser tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12\"\u003e\u003ccode\u003e9f98c16\u003c/code\u003e\u003c/a\u003e Fix release script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9\"\u003e\u003ccode\u003e45443b4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Improve partial indenting performance\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e\"\u003e\u003ccode\u003e8841a5f\u003c/code\u003e\u003c/a\u003e Fix CI errors with linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709\"\u003e\u003ccode\u003ee0137c2\u003c/code\u003e\u003c/a\u003e fix: enable shell mode for spawn to resolve Windows EINVAL issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7\"\u003e\u003ccode\u003ee914d60\u003c/code\u003e\u003c/a\u003e Improve rendering performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd\"\u003e\u003ccode\u003e7de4b41\u003c/code\u003e\u003c/a\u003e Upgrade GitHub Actions checkout and setup-node on 4.x branch\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.6...v4.7.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~jaylinski\"\u003ejaylinski\u003c/a\u003e, a new releaser for handlebars since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 3.13.1 to 3.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c...\n\n_Description has been truncated_","html_url":"https://github.com/jcstein/next.js/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jcstein%2Fnext.js/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"}},{"old_version":"3.2.2","new_version":"3.2.3","update_type":"patch","path":null,"pr_created_at":"2026-05-13T23:56:19.000Z","version_change":"3.2.2 → 3.2.3","issue":{"uuid":"4441970213","node_id":"PR_kwDOOeldyM7bUvF1","number":2,"state":"closed","title":"Bump the npm_and_yarn group across 1 directory with 22 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-14T04:39:27.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-13T23:56:19.000Z","updated_at":"2026-05-14T04:39:29.000Z","time_to_close":16988,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":22,"packages":[{"name":"@langchain/core","old_version":"0.3.7","new_version":"0.3.80","repository_url":"https://github.com/langchain-ai/langchainjs"},{"name":"@modelcontextprotocol/sdk","old_version":"1.9.0","new_version":"1.26.0","repository_url":"https://github.com/modelcontextprotocol/typescript-sdk"},{"name":"next","old_version":"14.2.25","new_version":"15.5.18","repository_url":"https://github.com/vercel/next.js"},{"name":"postcss","old_version":"8.4.49","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"mdast-util-to-hast","old_version":"13.2.0","new_version":"13.2.1","repository_url":"https://github.com/syntax-tree/mdast-util-to-hast"},{"name":"undici","old_version":"6.20.1","new_version":"6.25.0","repository_url":"https://github.com/nodejs/undici"},{"name":"@smithy/config-resolver","old_version":"4.0.1","new_version":"4.5.1","repository_url":"https://github.com/smithy-lang/smithy-typescript"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"axios","old_version":"1.8.1","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"yaml","old_version":"2.4.5","new_version":"2.9.0","repository_url":"https://github.com/eemeli/yaml"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"diff","old_version":"5.2.0","new_version":"5.2.2","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"fast-xml-parser","old_version":"4.4.1","new_version":"5.7.2","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"flatted","old_version":"3.3.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"glob","old_version":"10.3.10","new_version":"10.5.0","repository_url":"https://github.com/isaacs/node-glob"},{"name":"js-yaml","old_version":"4.1.0","new_version":"4.1.1","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 18 updates in the /apps/rowboat directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@langchain/core](https://github.com/langchain-ai/langchainjs) | `0.3.7` | `0.3.80` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.9.0` | `1.26.0` |\n| [next](https://github.com/vercel/next.js) | `14.2.25` | `15.5.18` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.49` | `8.5.10` |\n| [mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast) | `13.2.0` | `13.2.1` |\n| [undici](https://github.com/nodejs/undici) | `6.20.1` | `6.25.0` |\n| [@smithy/config-resolver](https://github.com/smithy-lang/smithy-typescript/tree/HEAD/packages/config-resolver) | `4.0.1` | `4.5.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [axios](https://github.com/axios/axios) | `1.8.1` | `1.16.1` |\n| [yaml](https://github.com/eemeli/yaml) | `2.4.5` | `2.9.0` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [diff](https://github.com/kpdecker/jsdiff) | `5.2.0` | `5.2.2` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.4.1` | `5.7.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [glob](https://github.com/isaacs/node-glob) | `10.3.10` | `10.5.0` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\n\nUpdates `@langchain/core` from 0.3.7 to 0.3.80\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/2954498b052b3ebc30b8ff37a11db1953f4ae0f0\"\u003e\u003ccode\u003e2954498\u003c/code\u003e\u003c/a\u003e chore(docs): Update llms.text redirect (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/9988\"\u003e#9988\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/b2f3c2354edc8e9a0386f475839b0e40a21c3cc9\"\u003e\u003ccode\u003eb2f3c23\u003c/code\u003e\u003c/a\u003e fix(docs): v0.3 redirects fix (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/9929\"\u003e#9929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/e8fbaf3131a8f5715516e50b92490941c7554abb\"\u003e\u003ccode\u003ee8fbaf3\u003c/code\u003e\u003c/a\u003e add core docs redir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/22c28eff1297cfbd1a8189bea9cdf9ad276777a5\"\u003e\u003ccode\u003e22c28ef\u003c/code\u003e\u003c/a\u003e fix(docs): Fix redirects (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/9908\"\u003e#9908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/926dc85e9c9b020a80985c38fdee026d6a2b8bde\"\u003e\u003ccode\u003e926dc85\u003c/code\u003e\u003c/a\u003e x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/dbf05fdc6577bb1e7e1b42d7b9fc293465021140\"\u003e\u003ccode\u003edbf05fd\u003c/code\u003e\u003c/a\u003e fix - sry for spam\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/6854916777fb83547fdfa734e502e379df05fcb5\"\u003e\u003ccode\u003e6854916\u003c/code\u003e\u003c/a\u003e fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/c869f64450dfc7fd1d883416d919533d1276eb6a\"\u003e\u003ccode\u003ec869f64\u003c/code\u003e\u003c/a\u003e add index\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/b29d1940d00a5debb59660812637953ffe97fb12\"\u003e\u003ccode\u003eb29d194\u003c/code\u003e\u003c/a\u003e fix output dir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/3605e971bcee5288cf02316311727aae0985d718\"\u003e\u003ccode\u003e3605e97\u003c/code\u003e\u003c/a\u003e null framework\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchainjs/compare/0.3.7...@langchain/core==0.3.80\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~hntrl\"\u003ehntrl\u003c/a\u003e, a new releaser for \u003ccode\u003e@​langchain/core\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@modelcontextprotocol/sdk` from 1.9.0 to 1.26.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"\u003e@​modelcontextprotocol/sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.26.0\u003c/h2\u003e\n\u003cp\u003eAddresses \u0026quot;Sharing server/transport instances can leak cross-client response data\u0026quot; in this GHSA \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: bump v1.25.3 for backport fixes by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1412\"\u003emodelcontextprotocol/typescript-sdk#1412\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x backport) by \u003ca href=\"https://github.com/samuv\"\u003e\u003ccode\u003e@​samuv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\"\u003emodelcontextprotocol/typescript-sdk#1382\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\"\u003e#1430\u003c/a\u003e: Client Credentials providers scopes support (backported) by \u003ca href=\"https://github.com/NSeydoux\"\u003e\u003ccode\u003e@​NSeydoux\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\"\u003emodelcontextprotocol/typescript-sdk#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.26.0 by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1479\"\u003emodelcontextprotocol/typescript-sdk#1479\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuv\"\u003e\u003ccode\u003e@​samuv\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\"\u003emodelcontextprotocol/typescript-sdk#1382\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NSeydoux\"\u003e\u003ccode\u003e@​NSeydoux\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\"\u003emodelcontextprotocol/typescript-sdk#1442\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.25.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[v1.x backport] Use correct schema for client sampling validation when tools are present by \u003ca href=\"https://github.com/olaservo\"\u003e\u003ccode\u003e@​olaservo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1407\"\u003emodelcontextprotocol/typescript-sdk#1407\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent Hono from overriding global Response object (v1.x) by \u003ca href=\"https://github.com/mattzcarey\"\u003e\u003ccode\u003e@​mattzcarey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1411\"\u003emodelcontextprotocol/typescript-sdk#1411\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.2...v1.25.3\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.2...v1.25.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.25.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: trigger workflow on v1.x branch by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1319\"\u003emodelcontextprotocol/typescript-sdk#1319\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: README badges links destinations by \u003ca href=\"https://github.com/antonpk1\"\u003e\u003ccode\u003e@​antonpk1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/907\"\u003emodelcontextprotocol/typescript-sdk#907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1365\"\u003emodelcontextprotocol/typescript-sdk#1365\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/antonpk1\"\u003e\u003ccode\u003e@​antonpk1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/907\"\u003emodelcontextprotocol/typescript-sdk#907\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.1...v1.25.2\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.1...v1.25.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.25.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003espec types - backwards compatibility changes by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1306\"\u003emodelcontextprotocol/typescript-sdk#1306\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version for patch fix by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1307\"\u003emodelcontextprotocol/typescript-sdk#1307\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.0...1.25.1\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.0...1.25.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003elist changed handlers on client constructor by \u003ca href=\"https://github.com/mattzcarey\"\u003e\u003ccode\u003e@​mattzcarey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1206\"\u003emodelcontextprotocol/typescript-sdk#1206\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRole - moved from inline to reusable type by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1221\"\u003emodelcontextprotocol/typescript-sdk#1221\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: use versioned npm tag for non-main branch releases by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1236\"\u003emodelcontextprotocol/typescript-sdk#1236\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNo automatic completion support unless needed - Revisited yet again by \u003ca href=\"https://github.com/cliffhall\"\u003e\u003ccode\u003e@​cliffhall\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1237\"\u003emodelcontextprotocol/typescript-sdk#1237\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Support updating output schema by \u003ca href=\"https://github.com/vincent0426\"\u003e\u003ccode\u003e@​vincent0426\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1048\"\u003emodelcontextprotocol/typescript-sdk#1048\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/fe9c07b465871394c7069207c86513df9c1194a4\"\u003e\u003ccode\u003efe9c07b\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.26.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/4f01e7e0708e1a85ccc7dbf39e850005f2d9ff03\"\u003e\u003ccode\u003e4f01e7e\u003c/code\u003e\u003c/a\u003e fix: add non-null assertions for optional setupServer fields in stateful test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a05be176cabeae1f933b676e3ce024bf02e2314d\"\u003e\u003ccode\u003ea05be17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/50d9fa3cd12e807e7963bcb9e1548786d3d5d941\"\u003e\u003ccode\u003e50d9fa3\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\"\u003e#1430\u003c/a\u003e: Client Credentials providers scopes support (backported) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1442\"\u003e#1442\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/aa81a66556fb4434d8a6d1b70f7ac9fc40b5d325\"\u003e\u003ccode\u003eaa81a66\u003c/code\u003e\u003c/a\u003e fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x back...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/6aba0659654e1ff0699844524595922a61e44cb9\"\u003e\u003ccode\u003e6aba065\u003c/code\u003e\u003c/a\u003e chore: bump v1.25.3 for backport fixes (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1412\"\u003e#1412\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/6e8f7e1a43a819ae230373c62b82228dafd892c6\"\u003e\u003ccode\u003e6e8f7e1\u003c/code\u003e\u003c/a\u003e fix: prevent Hono from overriding global Response object (v1.x) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1411\"\u003e#1411\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/12ae856cee6ca58499cce24e80f650e78a0c7610\"\u003e\u003ccode\u003e12ae856\u003c/code\u003e\u003c/a\u003e [v1.x backport] Use correct schema for client sampling validation when tools ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/b392f02ffcf37c088dbd114fedf25026ec3913d3\"\u003e\u003ccode\u003eb392f02\u003c/code\u003e\u003c/a\u003e fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1365\"\u003e#1365\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0c9b13484748acab9e5dc8317a7e89c06b52e37\"\u003e\u003ccode\u003ea0c9b13\u003c/code\u003e\u003c/a\u003e fix: README badges links destinations (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/907\"\u003e#907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.9.0...v1.26.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~pcarleton\"\u003epcarleton\u003c/a\u003e, a new releaser for \u003ccode\u003e@​modelcontextprotocol/sdk\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 14.2.25 to 15.5.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.18\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.16\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev15.5.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9ff92cebcaa6ba4e7463b6fd037a8510ba9b81ec\"\u003e\u003ccode\u003e9ff92ce\u003c/code\u003e\u003c/a\u003e v15.5.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/00ebe23562bd7eb32dd78730984bfadb47138bcf\"\u003e\u003ccode\u003e00ebe23\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/62c97ab0b5825e2cbc15f6b682d8286a8dd6a038\"\u003e\u003ccode\u003e62c97ab\u003c/code\u003e\u003c/a\u003e v15.5.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/423623ae38c106273085b66946ee5bf9aab77f2c\"\u003e\u003ccode\u003e423623a\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fa787399b38d9aa702118f9bd23a8315b9f0ecc6\"\u003e\u003ccode\u003efa78739\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36e62c6eb7813e42d409eb487f93b829f4ad77e8\"\u003e\u003ccode\u003e36e62c6\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93588\"\u003e#93588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36589b5db512b7704cdadd873cbe49b6dbcc9261\"\u003e\u003ccode\u003e36589b5\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93596\"\u003e#93596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ad6fd4e50e5aba20b60d283c42b89273a3167ccd\"\u003e\u003ccode\u003ead6fd4e\u003c/code\u003e\u003c/a\u003e v15.5.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/79d7dff1448483f0c8f187f98887b31019f6e494\"\u003e\u003ccode\u003e79d7dff\u003c/code\u003e\u003c/a\u003e Ignore malformed CSP nonce headers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/c4f69086cc8dcbd81b1dbc321c98ea874d90d6f8\"\u003e\u003ccode\u003ec4f6908\u003c/code\u003e\u003c/a\u003e router-server: guard upgrade proxy against absolute-url SSRF (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/77\"\u003e#77\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v14.2.25...v15.5.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.4.49 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003ePostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e during \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/1995\"\u003ehis work\u003c/a\u003e on \u003ca href=\"https://stylelint.io\"\u003eStylelint\u003c/a\u003e added \u003ccode\u003eInput#document\u003c/code\u003e in additional to \u003ccode\u003eInput#css\u003c/code\u003e.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eroot.source.input.document //=\u0026gt; \u0026quot;\u0026lt;p\u0026gt;Hello\u0026lt;/p\u0026gt;\r\n                           //    \u0026lt;style\u0026gt;\r\n                           //    p {\r\n                           //      color: green;\r\n                           //    }\r\n                           //    \u0026lt;/style\u0026gt;\u0026quot;\r\nroot.source.input.css      //=\u0026gt; \u0026quot;p {\r\n                           //      color: green;\r\n                           //    }\u0026quot;\r\n\u003cp\u003e\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eInput#document\u003c/code\u003e for sources like CSS-in-JS or HTML (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.4.49...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mdast-util-to-hast` from 13.2.0 to 13.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/syntax-tree/mdast-util-to-hast/releases\"\u003emdast-util-to-hast's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e13.2.1\u003c/h2\u003e\n\u003ch4\u003eFix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eab3a795 Fix support for spaces in class names\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eTypes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eefb5312 Refactor to use \u003ccode\u003e@import\u003c/code\u003es\u003c/li\u003e\n\u003cli\u003ea5bc210 Add declaration maps\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/syntax-tree/mdast-util-to-hast/compare/13.2.0...13.2.1\"\u003ehttps://github.com/syntax-tree/mdast-util-to-hast/compare/13.2.0...13.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/syntax-tree/mdast-util-to-hast/commit/174795b21f7757fffb54dd8d5fb4012f4751f791\"\u003e\u003ccode\u003e174795b\u003c/code\u003e\u003c/a\u003e 13.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/syntax-tree/mdast-util-to-hast/commit/3d05b3a715133df55689fe3753c2e47101315b4e\"\u003e\u003ccode\u003e3d05b3a\u003c/code\u003e\u003c/a\u003e Update Node in Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/syntax-tree/mdast-util-to-hast/commit/ab3a79570a1afbfa7efef5d4a0cd9b5caafbc5d7\"\u003e\u003ccode\u003eab3a795\u003c/code\u003e\u003c/a\u003e Fix support for spaces in class names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/syntax-tree/mdast-util-to-hast/commit/efb531231020055e0dab7b39a18d80b569d5b566\"\u003e\u003ccode\u003eefb5312\u003c/code\u003e\u003c/a\u003e Refactor to use \u003ccode\u003e@import\u003c/code\u003es\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/syntax-tree/mdast-util-to-hast/commit/a5bc210f1aa308e4c6141ac374893c9237fcd746\"\u003e\u003ccode\u003ea5bc210\u003c/code\u003e\u003c/a\u003e Add declaration maps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/syntax-tree/mdast-util-to-hast/commit/b54955d4e123b0167eac13646333c809bb8f301c\"\u003e\u003ccode\u003eb54955d\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003e.tsbuildinfo\u003c/code\u003e to \u003ccode\u003e.gitignore\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/syntax-tree/mdast-util-to-hast/compare/13.2.0...13.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 6.20.1 to 6.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v6.24.1...v6.25.0\"\u003ehttps://github.com/nodejs/undici/compare/v6.24.1...v6.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.24.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v6.24.0...v6.24.1\"\u003ehttps://github.com/nodejs/undici/compare/v6.24.0...v6.24.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v6.24.0 Security Release Notes (LTS)\u003c/h1\u003e\n\u003cp\u003eThis release backports fixes for security vulnerabilities affecting the v6 line.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v6 should upgrade to \u003cstrong\u003ev6.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNot applicable to v6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 affects \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e only.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges (v6)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e\u0026gt;= 6.0.0 \u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3420499cad88e72e04972b7bb28dd9f2ec2638ac\"\u003e\u003ccode\u003e3420499\u003c/code\u003e\u003c/a\u003e Bumped v6.25.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5029\"\u003e#5029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/d7a1e55fbe9607e8b56a10b4be129ca63d16014b\"\u003e\u003ccode\u003ed7a1e55\u003c/code\u003e\u003c/a\u003e feat: add configurable maxPayloadSize for WebSocket (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4955\"\u003e#4955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a9d1848fa18d351813e9563bb7653acf1e3c60ad\"\u003e\u003ccode\u003ea9d1848\u003c/code\u003e\u003c/a\u003e Do not mark v6.x releases as latest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/01265866974369f75f939109969097e45e72b1e1\"\u003e\u003ccode\u003e0126586\u003c/code\u003e\u003c/a\u003e Ignore local agent configuration files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c0cf656ef5e66f7372a7e57d08c6cbdd5b127e82\"\u003e\u003ccode\u003ec0cf656\u003c/code\u003e\u003c/a\u003e Bumped v6.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/f5a9f0ccbe958e7d0cfd7b63a9a8d195378ac6f6\"\u003e\u003ccode\u003ef5a9f0c\u003c/code\u003e\u003c/a\u003e Fix v6 release workflow branch targeting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/af2cb8fe01320f189394bef193c2d5b441fcfe6f\"\u003e\u003ccode\u003eaf2cb8f\u003c/code\u003e\u003c/a\u003e wqremove maxDecompressedMessageSize (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4891\"\u003e#4891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/8873c947271faf1ebc455bdc6158ecbc022ecfa9\"\u003e\u003ccode\u003e8873c94\u003c/code\u003e\u003c/a\u003e Bumped v6.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/411bd01a42e7917009bbf686f7628b99d67bbce9\"\u003e\u003ccode\u003e411bd01\u003c/code\u003e\u003c/a\u003e test(websocket): use node:assert for Node 18 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/844bf59699d778944f78a24ae819c0e8f295766e\"\u003e\u003ccode\u003e844bf59\u003c/code\u003e\u003c/a\u003e test: fix http2 lint regressions in backport\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v6.20.1...v6.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@smithy/config-resolver` from 4.0.1 to 4.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/smithy-lang/smithy-typescript/releases\"\u003e@​smithy/config-resolver's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​smithy/config-resolver\u003c/code\u003e\u003ca href=\"https://github.com/4\"\u003e\u003ccode\u003e@​4\u003c/code\u003e\u003c/a\u003e.5.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [2dc5cf6]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [1d0ff86]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​smithy/core\u003c/code\u003e\u003ca href=\"https://github.com/3\"\u003e\u003ccode\u003e@​3\u003c/code\u003e\u003c/a\u003e.24.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/smithy-lang/smithy-typescript/blob/main/packages/config-resolver/CHANGELOG.md\"\u003e@​smithy/config-resolver's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.5.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [2dc5cf6]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [1d0ff86]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​smithy/core\u003c/code\u003e\u003ca href=\"https://github.com/3\"\u003e\u003ccode\u003e@​3\u003c/code\u003e\u003c/a\u003e.24.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.5.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e540aeb4: consolidate core/retry and related cleanup\u003c/li\u003e\n\u003cli\u003e4f30af1: consolidation for core/protocols\u003c/li\u003e\n\u003cli\u003e62fed78: package consolidation for core/config\u003c/li\u003e\n\u003cli\u003ef21bf6b: consolidate packages into core/client\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0be0b36: clean up exported API surface\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [ee92b6b]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [540aeb4]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0be0b36]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [4f30af1]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [8963b91]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [fb323fb]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [9194e9f]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [7ec62a0]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [62fed78]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [cad44fc]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [545589a]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [f21bf6b]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [7fd6ac0]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​smithy/core\u003c/code\u003e\u003ca href=\"https://github.com/3\"\u003e\u003ccode\u003e@​3\u003c/code\u003e\u003c/a\u003e.24.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/commit/6b733627f88522b81d2f264a25967752d516b872\"\u003e\u003ccode\u003e6b73362\u003c/code\u003e\u003c/a\u003e Version NPM packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/commit/bf13524f10a780d7404e16686d439caf9ee871f0\"\u003e\u003ccode\u003ebf13524\u003c/code\u003e\u003c/a\u003e chore(packages): add build:types standalone script to stub packages (\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/tree/HEAD/packages/config-resolver/issues/2019\"\u003e#2019\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/commit/e1bede0f47296cdd8d93a715304979a63b51ec8c\"\u003e\u003ccode\u003ee1bede0\u003c/code\u003e\u003c/a\u003e Version NPM packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/commit/0be0b361fa588240e7c8998046385963d391030a\"\u003e\u003ccode\u003e0be0b36\u003c/code\u003e\u003c/a\u003e chore(scripts): add type symbols to api snapshot (\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/tree/HEAD/packages/config-resolver/issues/2004\"\u003e#2004\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/commit/540aeb4a66e9a7cfe14dde87a14c6557580a6974\"\u003e\u003ccode\u003e540aeb4\u003c/code\u003e\u003c/a\u003e chore(core/retry): consolidate packages (\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/tree/HEAD/packages/config-resolver/issues/2002\"\u003e#2002\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/commit/62fed781fa0fdfca43b02b7ab5031be52545e3e0\"\u003e\u003ccode\u003e62fed78\u003c/code\u003e\u003c/a\u003e chore(core/config): consolidate packages (\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/tree/HEAD/packages/config-resolver/issues/1992\"\u003e#1992\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/commit/f21bf6b04e98711aae56aa497e956a4f7c579a12\"\u003e\u003ccode\u003ef21bf6b\u003c/code\u003e\u003c/a\u003e chore(core/client): package consolidation (\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/tree/HEAD/packages/config-resolver/issues/1991\"\u003e#1991\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/commit/c077b47b045f90382003cab83b3bec14cbc1ec29\"\u003e\u003ccode\u003ec077b47\u003c/code\u003e\u003c/a\u003e Version NPM packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/commit/a5194303d19d5b5e4a7e3f08374768f3a507f800\"\u003e\u003ccode\u003ea519430\u003c/code\u003e\u003c/a\u003e Version NPM packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/smithy-lang/smithy-typescript/commit/77e352f51cba8f14e98b55fe6527457776649f75\"\u003e\u003ccode\u003e77e352f\u003c/code\u003e\u003c/a\u003e Version NPM packages\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/smithy-lang/smithy-typescript/commits/@smithy/config-resolver@4.5.1/packages/config-resolver\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ccb8ac6d4292b7661b677fe048ba6690c877f51f\"\u003e\u003ccode\u003eccb8ac6\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c3c73c8b088defc70851843be88ccc3af08e7217\"\u003e\u003ccode\u003ec3c73c8\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.8.1 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1337d6b537afb2d3f501074c8ac4ef4308221197\"\u003e\u003ccode\u003e1337d6b\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10877\"\u003e#10877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/858a790cec06054547d0d3f941916d6fb2a4d18e\"\u003e\u003ccode\u003e858a790\u003c/code\u003e\u003c/a\u003e fix: remove all caches (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/34adfd90efc9c145488399e1cf7fa96de67080fa\"\u003e\u003ccode\u003e34adfd9\u003c/code\u003e\u003c/a\u003e revert: \u0026quot;fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/847d89b43654405d9a231e0b669832c2092b621f\"\u003e\u003ccode\u003e847d89b\u003c/code\u003e\u003c/a\u003e fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/40948863677bb793bfff0293cce7e7b4f8a1b212\"\u003e\u003ccode\u003e4094886\u003c/code\u003e\u003c/a\u003e fix(progress): guard malformed XHR upload events (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/44f0c5bf73c45df6009365141faa394d73596bd7\"\u003e\u003ccode\u003e44f0c5b\u003c/code\u003e\u003c/a\u003e chore: change sponsorship link and add Twicsy advertisement (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/64e1095efedc64c9fecf5176bd9cf2e5e93140d6\"\u003e\u003ccode\u003e64e1095\u003c/code\u003e\u003c/a\u003e chore: update PR and issue template to use h2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10865\"\u003e#10865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/3e6b4e1f311b43aa1dc77d78150a601d9fe4b280\"\u003e\u003ccode\u003e3e6b4e1\u003c/code\u003e\u003c/a\u003e fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/c4453bab70f53575175903aee60810c821f72129\"\u003e\u003ccode\u003ec4453ba\u003c/code\u003e\u003c/a\u003e fix: add t...\n\n_Description has been truncated_","html_url":"https://github.com/HarleyCoops/rowboat/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/HarleyCoops%2Frowboat/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}},{"old_version":"4.0.0","new_version":"4.0.1","update_type":"patch","path":null,"pr_created_at":"2026-05-13T10:33:31.000Z","version_change":"4.0.0 → 4.0.1","issue":{"uuid":"4437096936","node_id":"PR_kwDOQ1tNM87bEwVq","number":15,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 2 directories with 22 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-22T10:42:06.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-13T10:33:31.000Z","updated_at":"2026-05-22T10:42:08.000Z","time_to_close":778115,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":22,"packages":[{"name":"simple-git","old_version":"3.28.0","new_version":"3.36.0","repository_url":"https://github.com/steveukx/git-js"},{"name":"tar","old_version":"7.5.2","new_version":"7.5.11","repository_url":"https://github.com/isaacs/node-tar"},{"name":"uuid","old_version":"13.0.0","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"@modelcontextprotocol/sdk","old_version":"1.23.0","new_version":"1.29.0","repository_url":"https://github.com/modelcontextprotocol/typescript-sdk"},{"name":"diff","old_version":"7.0.0","new_version":"9.0.0","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"undici","old_version":"7.15.0","new_version":"7.25.0","repository_url":"https://github.com/nodejs/undici"},{"name":"ajv","old_version":"8.17.1","new_version":"8.18.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"picomatch","old_version":"4.0.3","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"@isaacs/brace-expansion","old_version":"5.0.0","new_version":"5.0.1"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"fast-xml-parser","old_version":"4.5.3","new_version":"5.8.0","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"jws","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"rollup","old_version":"4.53.2","new_version":"4.60.3","repository_url":"https://github.com/rollup/rollup"},{"name":"vite","old_version":"7.2.2","new_version":"7.3.3","repository_url":"https://github.com/vitejs/vite"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 18 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.36.0` |\n| [tar](https://github.com/isaacs/node-tar) | `7.5.2` | `7.5.11` |\n| [uuid](https://github.com/uuidjs/uuid) | `13.0.0` | `14.0.0` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.23.0` | `1.29.0` |\n| [diff](https://github.com/kpdecker/jsdiff) | `7.0.0` | `9.0.0` |\n| [undici](https://github.com/nodejs/undici) | `7.15.0` | `7.25.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.18.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| @isaacs/brace-expansion | `5.0.0` | `5.0.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.5.3` | `5.8.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [rollup](https://github.com/rollup/rollup) | `4.53.2` | `4.60.3` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.2.2` | `7.3.3` |\n\nBumps the npm_and_yarn group with 2 updates in the /packages/core directory: [uuid](https://github.com/uuidjs/uuid) and [diff](https://github.com/kpdecker/jsdiff).\n\nUpdates `simple-git` from 3.28.0 to 3.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/releases\"\u003esimple-git's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esimple-git@3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.33.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea263635: Use \u003ccode\u003epathspec\u003c/code\u003e wrappers for remote and local paths when running either \u003ccode\u003egit.clone\u003c/code\u003e or \u003ccode\u003egit.mirror\u003c/code\u003e to\navoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ee253a0d: Enhanced \u003ccode\u003egit -c\u003c/code\u003e checks in \u003ccode\u003eunsafe\u003c/code\u003e plugin.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/JohannesLks\"\u003e\u003ccode\u003e@​JohannesLks\u003c/code\u003e\u003c/a\u003e for identifying the issue\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.32.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ef704208: Enhanced \u003ccode\u003eprotocol.allow\u003c/code\u003e checks in \u003ccode\u003eallowUnsafeExtProtocol\u003c/code\u003e handling.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md\"\u003esimple-git's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e3d8708b: Updating publish config\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [3d8708b]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.34.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/7dc1a532a9ec92fb08c93202954be73175b07d83\"\u003e\u003ccode\u003e7dc1a53\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/76f5376bd418cb8baf5ec32757af442d47128e22\"\u003e\u003ccode\u003e76f5376\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1061\"\u003e#1061\u003c/a\u003e from Vinzent03/fix/buffer-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/89a2294febed5dfe737c4c735d936bb6018746a8\"\u003e\u003ccode\u003e89a2294\u003c/code\u003e\u003c/a\u003e Environment Parsing (\u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1156\"\u003e#1156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/1b91b762f047777ca6686f34ac3f7b8a543a4780\"\u003e\u003ccode\u003e1b91b76\u003c/code\u003e\u003c/a\u003e fix: remove explicit node:buffer import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/e390685960a3461875dce89d87ab80e3143d79fe\"\u003e\u003ccode\u003ee390685\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/3c9e4b8309667d0cb4102cda770f92075fc781dd\"\u003e\u003ccode\u003e3c9e4b8\u003c/code\u003e\u003c/a\u003e Pin version of \u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/94ee21fd5a2a6182fbf0f218a5efca2057b567cd\"\u003e\u003ccode\u003e94ee21f\u003c/code\u003e\u003c/a\u003e Export \u003ccode\u003epathspec\u003c/code\u003e types through \u003ccode\u003esimple-git\u003c/code\u003e for backward compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/6d7cb5174273aa33d131172d3770cb386e795171\"\u003e\u003ccode\u003e6d7cb51\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/0de400e7b014a48113acf673b3409a95b9c87a15\"\u003e\u003ccode\u003e0de400e\u003c/code\u003e\u003c/a\u003e Switch to semver from workspace revisions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/2264722abcb637042dd4cc50d903d69e4ee14b38\"\u003e\u003ccode\u003e2264722\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/steveukx/git-js/commits/simple-git@3.36.0/simple-git\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for simple-git since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tar` from 7.5.2 to 7.5.11\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/bf776f673164215074b62749e0fe80e5834588f4\"\u003e\u003ccode\u003ebf776f6\u003c/code\u003e\u003c/a\u003e 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad\"\u003e\u003ccode\u003ef48b5fa\u003c/code\u003e\u003c/a\u003e prevent escaping symlinks with drive-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/97cff15d3539a37a4095eb3d287147d9d77c2dc3\"\u003e\u003ccode\u003e97cff15\u003c/code\u003e\u003c/a\u003e docs: more security info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1\"\u003e\u003ccode\u003e2b72abc\u003c/code\u003e\u003c/a\u003e 7.5.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f\"\u003e\u003ccode\u003e7bc755d\u003c/code\u003e\u003c/a\u003e parse root off paths before sanitizing .. parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/c8cb84629dee649feedde03f2f4ea48f2e44e778\"\u003e\u003ccode\u003ec8cb846\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/1f0c2c9006b10199cf2686f8ef43e79a1773e1aa\"\u003e\u003ccode\u003e1f0c2c9\u003c/code\u003e\u003c/a\u003e 7.5.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/fbb08518bf290733b68ca4d4135f75becf73fd75\"\u003e\u003ccode\u003efbb0851\u003c/code\u003e\u003c/a\u003e build minified version as default export\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/6b8eba0ef367ac937e703238daa6df94ae6f823f\"\u003e\u003ccode\u003e6b8eba0\u003c/code\u003e\u003c/a\u003e 7.5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384\"\u003e\u003ccode\u003e2cb1120\u003c/code\u003e\u003c/a\u003e fix(unpack): improve UnpackSync symlink error \u0026quot;into\u0026quot; path accuracy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/node-tar/compare/v7.5.2...v7.5.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~isaacs\"\u003eisaacs\u003c/a\u003e, a new releaser for tar since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 13.0.0 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@modelcontextprotocol/sdk` from 1.23.0 to 1.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"\u003e@​modelcontextprotocol/sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.29.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1749\"\u003emodelcontextprotocol/typescript-sdk#1749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: disallow null (infinite) requested TTL by \u003ca href=\"https://github.com/LucaButBoring\"\u003e\u003ccode\u003e@​LucaButBoring\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1339\"\u003emodelcontextprotocol/typescript-sdk#1339\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: add missing size field to ResourceSchema by \u003ca href=\"https://github.com/olaservo\"\u003e\u003ccode\u003e@​olaservo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1575\"\u003emodelcontextprotocol/typescript-sdk#1575\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd typings exports by \u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x npm audit fix by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1780\"\u003emodelcontextprotocol/typescript-sdk#1780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1773\"\u003emodelcontextprotocol/typescript-sdk#1773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Allow servers / clients to advertise extensions in the capability object by \u003ca href=\"https://github.com/localden\"\u003e\u003ccode\u003e@​localden\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1811\"\u003emodelcontextprotocol/typescript-sdk#1811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(stdio): always set windowsHide on Windows, not just in Electron by \u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.29.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1820\"\u003emodelcontextprotocol/typescript-sdk#1820\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.28.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: use scopes_supported from resource metadata by default (fixes \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/580\"\u003e#580\u003c/a\u003e) by \u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1611\"\u003emodelcontextprotocol/typescript-sdk#1611\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: reject plain JSON Schema objects passed as inputSchema by \u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: clear _timeoutInfo in _onclose() and scope .finally() abort controller cleanup by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1462\"\u003emodelcontextprotocol/typescript-sdk#1462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(server/auth): RFC 8252 loopback port relaxation by \u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.28.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1746\"\u003emodelcontextprotocol/typescript-sdk#1746\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: implement auth/pre-registration conformance scenario by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1545\"\u003emodelcontextprotocol/typescript-sdk#1545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add governance documentation for SEP-1730 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1547\"\u003emodelcontextprotocol/typescript-sdk#1547\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: comprehensive feature documentation for SEP-1730 Tier 1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1548\"\u003emodelcontextprotocol/typescript-sdk#1548\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent command injection in example URL opening (v1.x backport) by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1579\"\u003emodelcontextprotocol/typescript-sdk#1579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: call onerror for silently swallowed transport errors by \u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.27.1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1581\"\u003emodelcontextprotocol/typescript-sdk#1581\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/e12cbd7078db388152f6e839abdbe09ba01f3f32\"\u003e\u003ccode\u003ee12cbd7\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.29.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/3913fd4443a86536155e3ebef9edd2045c372c1e\"\u003e\u003ccode\u003e3913fd4\u003c/code\u003e\u003c/a\u003e fix(stdio): always set windowsHide on Windows, not just in Electron (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1640\"\u003e#1640\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/5608e78dd0d4ca6cd7dd03278419578f1780365a\"\u003e\u003ccode\u003e5608e78\u003c/code\u003e\u003c/a\u003e [v1.x backport] Allow servers / clients to advertise extensions in the capabi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/7213816788e634ffb9d09affe50f0295093bfb73\"\u003e\u003ccode\u003e7213816\u003c/code\u003e\u003c/a\u003e v1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1773\"\u003e#1773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/364f38ca2d8895aed7c37b7a0a1031bb7ae4841c\"\u003e\u003ccode\u003e364f38c\u003c/code\u003e\u003c/a\u003e v1.x npm audit fix (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/c95cc0943b045517e4cc414baf1f168b216c3142\"\u003e\u003ccode\u003ec95cc09\u003c/code\u003e\u003c/a\u003e Add typings exports (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/ddadaa6cc633fb5db0c094bf031b15b68a357820\"\u003e\u003ccode\u003eddadaa6\u003c/code\u003e\u003c/a\u003e [v1.x] fix: add missing size field to ResourceSchema (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/2a158513028d9f862c4188b6957e78cd5663f26b\"\u003e\u003ccode\u003e2a15851\u003c/code\u003e\u003c/a\u003e [v1.x] fix: disallow null (infinite) requested TTL (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1339\"\u003e#1339\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/13e30f1d36de8442417fec695983bdb155c00768\"\u003e\u003ccode\u003e13e30f1\u003c/code\u003e\u003c/a\u003e fix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1749\"\u003e#1749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0565695218544fc53e99bf5b544a887d373cefa\"\u003e\u003ccode\u003ea056569\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.28.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1746\"\u003e#1746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.23.0...v1.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `diff` from 7.0.0 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.0\u003c/h2\u003e\n\u003cp\u003e(All changes part of PR \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/672\"\u003e#672\u003c/a\u003e.)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eES5 support is dropped\u003c/strong\u003e. \u003ccode\u003eparsePatch\u003c/code\u003e now uses \u003ccode\u003eTextDecoder\u003c/code\u003e and \u003ccode\u003eUint8Array\u003c/code\u003e, which are not available in ES5, and TypeScript is now compiled with the \u0026quot;es6\u0026quot; \u003ccode\u003etarget\u003c/code\u003e. From now on, I intend to freely use any features that are deemed \u0026quot;Widely available\u0026quot; by \u003ca href=\"https://web.dev/baseline\"\u003eBaseline\u003c/a\u003e. Users who need ES5 support should stick to version 8.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eC-style quoted strings in filename headers are now properly supported\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eWhen the name of either the old or new file in a patch contains \u0026quot;special characters\u0026quot;, both GNU \u003ccode\u003ediff\u003c/code\u003e and Git quote the filename in the patch's headers and escape special characters using the same escape sequences that are used in string literals in C, including octal escapes for all non-ASCII characters. Previously, jsdiff had very little support for this; \u003ccode\u003eparsePatch\u003c/code\u003e would remove the quotes, and unescape any escaped backslashes, but would not unescape other escape sequences. \u003ccode\u003eformatPatch\u003c/code\u003e, meanwhile, did not quote or escape special characters at all.\u003c/p\u003e\n\u003cp\u003eNow, \u003ccode\u003eparsePatch\u003c/code\u003e parses all the possible escape sequences that GNU diff (or Git) ever output, and \u003ccode\u003eformatPatch\u003c/code\u003e quotes and escapes filenames containing special characters in the same way GNU diff does.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now omits file headers when \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e in the provided patch object are \u003ccode\u003eundefined\u003c/code\u003e\u003c/strong\u003e, regardless of the \u003ccode\u003eheaderOptions\u003c/code\u003e parameter. (Previously, it would treat the absence of \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e as indicating the filename was the word \u0026quot;undefined\u0026quot; and emit headers \u003ccode\u003e--- undefined\u003c/code\u003e / \u003ccode\u003e+++ undefined\u003c/code\u003e.)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer outputs trailing tab characters at the end of \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e headers.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePreviously, if \u003ccode\u003eformatPatch\u003c/code\u003e was passed a patch object to serialize that had empty strings for the \u003ccode\u003eoldHeader\u003c/code\u003e or \u003ccode\u003enewHeader\u003c/code\u003e property, it would include a trailing tab character after the filename in the \u003ccode\u003e---\u003c/code\u003e and/or \u003ccode\u003e+++\u003c/code\u003e file header. Now, this scenario is treated the same as when \u003ccode\u003eoldHeader\u003c/code\u003e/\u003ccode\u003enewHeader\u003c/code\u003e is \u003ccode\u003eundefined\u003c/code\u003e - i.e. the trailing tab is omitted.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer mutates its input\u003c/strong\u003e when serializing a patch containing a hunk where either the old or new content contained zero lines. (Such a hunk occurs only when the hunk has no context lines and represents a pure insertion or pure deletion, which for instance will occur whenever one of the two files being diffed is completely empty.) Previously \u003ccode\u003eformatPatch\u003c/code\u003e would provide the correct output but also mutate the \u003ccode\u003eoldLines\u003c/code\u003e or \u003ccode\u003enewLines\u003c/code\u003e property on the hunk, changing the meaning of the underlying patch.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eGit-style patches are now supported by \u003ccode\u003eparsePatch\u003c/code\u003e, \u003ccode\u003eformatPatch\u003c/code\u003e, and \u003ccode\u003ereversePatch\u003c/code\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003ePatches output by \u003ccode\u003egit diff\u003c/code\u003e can include some features that are unlike those output by GNU \u003ccode\u003ediff\u003c/code\u003e, and therefore not handled by an ordinary unified diff format parser. An ordinary diff simply describes the differences between the \u003cem\u003econtent\u003c/em\u003e of two files, but Git diffs can also indicate, via \u0026quot;extended headers\u0026quot;, the creation or deletion of (potentially empty) files, indicate that a file was renamed, and contain information about file mode changes. Furthermore, when these changes appear in a diff in the absence of a content change (e.g. when an empty file is created, or a file is renamed without content changes), the patch will contain no associated \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e file headers nor any hunks.\u003c/p\u003e\n\u003cp\u003ejsdiff previously did not support parsing Git's extended headers, nor hunkless patches. Now \u003ccode\u003eparsePatch\u003c/code\u003e parses some of the extended headers, parses hunkless Git patches, and can determine filenames (e.g. from the extended headers) when parsing a patch that includes no \u003ccode\u003e---\u003c/code\u003e or \u003ccode\u003e+++\u003c/code\u003e file headers. The additional information conveyed by the extended headers we support is recorded on new fields on the result object returned by \u003ccode\u003eparsePatch\u003c/code\u003e. See \u003ccode\u003eisGit\u003c/code\u003e and subsequent properties in the docs in the README.md file.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now outputs extended headers based on these new Git-specific properties, and \u003ccode\u003ereversePatch\u003c/code\u003e respects them as far as possible (with one unavoidable caveat noted in the README.md file).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eUnpaired file headers now cause \u003ccode\u003eparsePatch\u003c/code\u003e to throw\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eIt remains acceptable to have a patch with no file headers whatsoever (e.g. one that begins with a \u003ccode\u003e@@\u003c/code\u003e hunk header on the very first line), but a patch with \u003cem\u003eonly\u003c/em\u003e a \u003ccode\u003e---\u003c/code\u003e header or only a \u003ccode\u003e+++\u003c/code\u003e header is now considered an error.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eparsePatch\u003c/code\u003e is now more tolerant of \u0026quot;trailing garbage\u0026quot;\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThat is: after a patch, or between files/indexes in a patch, it is now acceptable to have arbitrary lines of \u0026quot;garbage\u0026quot; (so long as they unambiguously have no syntactic meaning - e.g. trailing garbage that leads with a \u003ccode\u003e+\u003c/code\u003e, \u003ccode\u003e-\u003c/code\u003e, or \u003ccode\u003e \u003c/code\u003e and thus is interpretable as part of a hunk still triggers a throw).\u003c/p\u003e\n\u003cp\u003eThis means we no longer reject patches output by tools that include extra data in \u0026quot;garbage\u0026quot; lines not understood by generic unified diff parsers. (For example, SVN patches can include \u0026quot;Property changes on:\u0026quot; lines that generic unified diff parsers should discard as garbage; jsdiff previously threw errors when encountering them.)\u003c/p\u003e\n\u003cp\u003eThis change brings jsdiff's behaviour more in line with GNU \u003ccode\u003epatch\u003c/code\u003e, which is highly permissive of \u0026quot;garbage\u0026quot;.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThe \u003ccode\u003eoldFileName\u003c/code\u003e and \u003ccode\u003enewFileName\u003c/code\u003e fields of \u003ccode\u003eStructuredPatch\u003c/code\u003e are now typed as \u003ccode\u003estring | undefined\u003c/code\u003e instead of \u003ccode\u003estring\u003c/code\u003e\u003c/strong\u003e. This type change reflects the (pre-existing) reality that \u003ccode\u003eparsePatch\u003c/code\u003e can produce patches without filenames (e.g. when parsing a patch that simply contains hunks with no file headers).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/667\"\u003e#667\u003c/a\u003e - \u003cstrong\u003efix another bug in \u003ccode\u003ediffWords\u003c/code\u003e when used with an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e\u003c/strong\u003e. If the text to be diffed included a combining mark after a whitespace character (i.e. roughly speaking, an accented space), \u003ccode\u003ediffWords\u003c/code\u003e would previously crash. Now this case is handled correctly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/631\"\u003e#631\u003c/a\u003e - \u003cstrong\u003efix support for using an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e with \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e. This has been almost completely broken since the feature was added in v6.0.0, since it would outright crash on any text that featured two consecutive newlines between a pair of words (a very common case).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/635\"\u003e#635\u003c/a\u003e - \u003cstrong\u003esmall tweaks to tokenization behaviour of \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e when used \u003cem\u003ewithout\u003c/em\u003e an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e. Specifically, the soft hyphen (U+00AD) is no longer considered to be a word break, and the multiplication and division signs (\u003ccode\u003e×\u003c/code\u003e and \u003ccode\u003e÷\u003c/code\u003e) are now treated as punctuation instead of as letters / word characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/ed13aca03aa25735fafc0645d1185e7a1c68fd8c\"\u003e\u003ccode\u003eed13aca\u003c/code\u003e\u003c/a\u003e Update version in package.json and in release notes (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/683\"\u003e#683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/7a49317b503a932b88fc72ad9c57a481df038e24\"\u003e\u003ccode\u003e7a49317\u003c/code\u003e\u003c/a\u003e Bump dependencies again (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/682\"\u003e#682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/afe5aecad189c9f5941ad3feb3c94c46b32ecb0a\"\u003e\u003ccode\u003eafe5aec\u003c/code\u003e\u003c/a\u003e Add Git support, and otherwise variously improve \u0026amp; fix parsePatch (and other ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/2e46779d8866ce7da1303a03db33ed038590c6f6\"\u003e\u003ccode\u003e2e46779\u003c/code\u003e\u003c/a\u003e Fix a typo (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/679\"\u003e#679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/dd2f99497703a1540b2ae406b51c49b74b5fc1a1\"\u003e\u003ccode\u003edd2f994\u003c/code\u003e\u003c/a\u003e 8.0.4 release (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/678\"\u003e#678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/3cc438434db53c5d1c40412b727ea7650f6f145a\"\u003e\u003ccode\u003e3cc4384\u003c/code\u003e\u003c/a\u003e Update docs on releasing to reflect migration to yarn berry (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/6fc2aa6b7672af08774b50aae00d97b99c5b5715\"\u003e\u003ccode\u003e6fc2aa6\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/af7393ac3404565dc8da655c2e7aeeed28c01ff7\"\u003e\u003ccode\u003eaf7393a\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4b5d1800370bf29b61a3378fb8086aeb231d3ef7\"\u003e\u003ccode\u003e4b5d180\u003c/code\u003e\u003c/a\u003e Fix another bug in diffWords's \u0026quot;intlSegmenter\u0026quot; mode (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/10da50c466709e7bd4b192dac96af0af46f8b7bd\"\u003e\u003ccode\u003e10da50c\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/666\"\u003e#666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/7.0.0...v9.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.15.0 to 7.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport 401 stream-backed body fix to v7.x by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5006\"\u003enodejs/undici#5006\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update broken links in file \u0026quot;Dispatcher.md\u0026quot; by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: remove unused parameter \u003ccode\u003eredirectionLimitReached\u003c/code\u003e by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4933\"\u003enodejs/undici#4933\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip flaky macOS Node 20 cookie fetch cases by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4932\"\u003enodejs/undici#4932\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): align Response with DOM fetch types by \u003ca href=\"https://github.com/theamodhshetty\"\u003e\u003ccode\u003e@​theamodhshetty\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4867\"\u003enodejs/undici#4867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): Fix clone method type declaration to be an instance method rather than instance property by \u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip IPv6 tests when IPv6 is not available by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4939\"\u003enodejs/undici#4939\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: correctly handle multi-value rawHeaders in fetch by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4938\"\u003enodejs/undici#4938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eignore AGENTS.md by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4942\"\u003enodejs/undici#4942\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(test): client wasm compatible with clang 22 by \u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mock): improve error message when intercepts are exhausted by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4912\"\u003enodejs/undici#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(websocket): support open diagnostics over h2 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4921\"\u003enodejs/undici#4921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: assume http/https scheme for scheme-less proxy env vars by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4914\"\u003enodejs/undici#4914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cache): check Authorization on request headers per RFC 9111 §3.5 by \u003ca href=\"https://github.com/metalix2\"\u003e\u003ccode\u003e@​metalix2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4911\"\u003enodejs/undici#4911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: wrap kConnector call in try/catch to prevent client hang by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify fetch and FormData pairing by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4922\"\u003enodejs/undici#4922\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: support Connection header with connection-specific header names per RFC 7230 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4775\"\u003enodejs/undici#4775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid prototype collisions in parseHeaders by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4923\"\u003enodejs/undici#4923\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump typescript from 5.9.3 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4926\"\u003enodejs/undici#4926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: auto-init WPT submodule by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4930\"\u003enodejs/undici#4930\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/12d9045923b7caebb1ae6975ef34c29dbcfd95d0\"\u003e\u003ccode\u003e12d9045\u003c/code\u003e\u003c/a\u003e Bumped v7.25.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7a6f7febb30a30748a04f38c21e3641c77d21b0e\"\u003e\u003ccode\u003e7a6f7fe\u003c/code\u003e\u003c/a\u003e Bumped v7.24.8 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5020\"\u003e#5020\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1f85ae4b27ed6401e7ccc35eb546ad2e5976121f\"\u003e\u003ccode\u003e1f85ae4\u003c/code\u003e\u003c/a\u003e fix: avoid 401 failures for stream-backed request bodies (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4941\"\u003e#4941\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5006\"\u003e#5006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c6610674dfad7c205ddf0f27831133973ad7894e\"\u003e\u003ccode\u003ec661067\u003c/code\u003e\u003c/a\u003e chore: update v7.x maintenance release flow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84f23e2a19cd0f585579c4257d801e4ec2d65dbd\"\u003e\u003ccode\u003e84f23e2\u003c/code\u003e\u003c/a\u003e Bumped v7.24.7 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4947\"\u003e#4947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a770b1033201984b9e8082a9bf955414bff5dc2e\"\u003e\u003ccode\u003ea770b10\u003c/code\u003e\u003c/a\u003e ignore AGENTS.md (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4942\"\u003e#4942\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/6acd19beaf67c1a2d07bcd38f40d0b751a81e7cc\"\u003e\u003ccode\u003e6acd19b\u003c/code\u003e\u003c/a\u003e fix: correctly handle multi-value rawHeaders in fetch (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4938\"\u003e#4938\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1da1c747c7d6e01b93ab295e0efb86623f3c8e06\"\u003e\u003ccode\u003e1da1c74\u003c/code\u003e\u003c/a\u003e test: skip IPv6 tests when IPv6 is not available (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4939\"\u003e#4939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/04cb77327f7ada95c2e5b67424cddcb22d7bf882\"\u003e\u003ccode\u003e04cb773\u003c/code\u003e\u003c/a\u003e fix(types): Fix clone method type declaration to be an instance method rather...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5145a7c47080d1715b2723591def3a75b0c3ba63\"\u003e\u003ccode\u003e5145a7c\u003c/code\u003e\u003c/a\u003e fix(types): align Response with DOM fetch types (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4867\"\u003e#4867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.15.0...v7.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.17.1 to 8.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/f06766f33ed7291f84c19f22a1286a34475fbdaf\"\u003e\u003ccode\u003ef06766f\u003c/code\u003e\u003c/a\u003e feat: allow tree-shaking by adding ``\u0026quot;sideEffects\u0026quot;: false\u003ccode\u003eto\u003c/code\u003epackage.json` ...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.3 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@isaacs/brace-expansion` from 5.0.0 to 5.0.1\n\nUpdates `qs` from 6.13.0 to 6.15.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003ethrowOnParameterLimitExceeded\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/517\"\u003e#517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: use \u003ccode\u003eutils.combine\u003c/code\u003e more\u003c/li\u003e\n\u003cli\u003e[patch] \u003ccode\u003eparse\u003c/code\u003e: add explicit \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e default\u003c/li\u003e\n\u003cli\u003e[actions] use shared action; re-add finishers\u003c/li\u003e\n\u003cli\u003e[meta] Fix changelog formatting bug\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eside-channel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003ehas-bigints\u003c/code\u003e, \u003ccode\u003ehas-proto\u003c/code\u003e, \u003ccode\u003ehas-symbols\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.3\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003e[Fix] fix regressions from robustness refactor\n[actions] update reusable workflows\u003c/p\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/c85b67f0a35897c2d3d1dd2766a3c8f1bd9b371f\"\u003e\u003ccode\u003ec85b67f\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/4dfa0f09798f79b08c9727fde391b1aa4ec8572d\"\u003e\u003ccode\u003e4dfa0f0\u003c/code\u003e\u003c/a\u003e [Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/dbb05d7bd9a86b9125dd8e1e0d3dcae62abe106b\"\u003e\u003ccode\u003edbb05d7\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/b0cfe7cc01f3f7241c1d5cb444c99c0e87b68961\"\u003e\u003ccode\u003eb0cfe7c\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/d9b4c66303375493c68c42d68e363e50b1753771\"\u003e\u003ccode\u003ed9b4c66\u003c/code\u003e\u003c/a\u003e v6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/cb41a545a32422ad3044584d3c4fa8f953552605\"\u003e\u003ccode\u003ecb41a54\u003c/code\u003e\u003c/a\u003e [New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/88e15636da953397262bd3014ab8b0d17d5c8039\"\u003e\u003ccode\u003e88e1563\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9d441d270486c3cc77f17289a9e0921c0f742aff\"\u003e\u003ccode\u003e9d441d2\u003c/code\u003e\u003c/a\u003e Merge backport release tags v6.0.6–v6.13.3 into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/85cc8cac6b444c9b4cb1172a151ac8fdee0a0301\"\u003e\u003ccode\u003e85cc8ca\u003c/code\u003e\u003c/a\u003e v6.12.5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.13.0...v6.15.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@opentelemetry/exporter-prometheus` from 0.203.0 to 0.218.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/releases\"\u003e@​opentelemetry/exporter-prometheus's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eexperimental/v0.218.0\u003c/h2\u003e\n\u003ch2\u003e0.218.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs metrics serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6629\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): show all config validation errors, if there are multiple \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6683\"\u003e#6683\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): allow startNodeSDK() without an arg \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6688\"\u003e#6688\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6691\"\u003e#6691\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(sdk-logs): use \u003ccode\u003eLogger.enabled()\u003c/code\u003e within \u003ccode\u003eLogger.emit()\u003c/code\u003e implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6680\"\u003e#6680\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.217.0\u003c/h2\u003e\n\u003ch2\u003e0.217.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs trace serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6625\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using \u003ccode\u003ejson-schema-to-typescript\u003c/code\u003e and \u003ccode\u003eajv\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6533\"\u003e#6533\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration, sdk-node): \u003ccode\u003estartNodeSDK()\u003c/code\u003e code path now uses \u003ccode\u003elog_level\u003c...\n\n_Description has been truncated_","html_url":"https://github.com/dinohatibovic/gemini-cli/pull/15","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dinohatibovic%2Fgemini-cli/issues/15","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15/packages"}},{"old_version":"4.0.0","new_version":"4.0.1","update_type":"patch","path":null,"pr_created_at":"2026-05-13T09:18:12.000Z","version_change":"4.0.0 → 4.0.1","issue":{"uuid":"4436552200","node_id":"PR_kwDOPJD-Qc7bC8Yb","number":14,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 3 directories with 21 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-23T09:54:01.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-13T09:18:12.000Z","updated_at":"2026-05-23T09:54:02.000Z","time_to_close":866149,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":21,"packages":[{"name":"glob","old_version":"10.4.5","new_version":"10.5.0","repository_url":"https://github.com/isaacs/node-glob"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"diff","old_version":"7.0.0","new_version":"9.0.0","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"@modelcontextprotocol/sdk","old_version":"1.15.1","new_version":"1.29.0","repository_url":"https://github.com/modelcontextprotocol/typescript-sdk"},{"name":"@opentelemetry/sdk-node","old_version":"0.52.1","new_version":"0.218.0","repository_url":"https://github.com/open-telemetry/opentelemetry-js"},{"name":"ajv","old_version":"8.17.1","new_version":"8.18.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"simple-git","old_version":"3.28.0","new_version":"3.36.0","repository_url":"https://github.com/steveukx/git-js"},{"name":"undici","old_version":"7.10.0","new_version":"7.25.0","repository_url":"https://github.com/nodejs/undici"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"js-yaml","old_version":"4.1.0","new_version":"4.1.1","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jws","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"path-to-regexp","old_version":"8.2.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"picomatch","old_version":"4.0.2","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"4.44.0","new_version":"4.60.3","repository_url":"https://github.com/rollup/rollup"},{"name":"vite","old_version":"7.0.0","new_version":"7.3.3","repository_url":"https://github.com/vitejs/vite"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 18 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [glob](https://github.com/isaacs/node-glob) | `10.4.5` | `10.5.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [diff](https://github.com/kpdecker/jsdiff) | `7.0.0` | `9.0.0` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.15.1` | `1.29.0` |\n| [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js) | `0.52.1` | `0.218.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.18.0` |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.36.0` |\n| [undici](https://github.com/nodejs/undici) | `7.10.0` | `7.25.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.2.0` | `8.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.2` | `4.0.4` |\n| [rollup](https://github.com/rollup/rollup) | `4.44.0` | `4.60.3` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.0.0` | `7.3.3` |\n\nBumps the npm_and_yarn group with 10 updates in the /packages/core directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [glob](https://github.com/isaacs/node-glob) | `10.4.5` | `12.0.0` |\n| [diff](https://github.com/kpdecker/jsdiff) | `7.0.0` | `8.0.3` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.12.3` | `1.29.0` |\n| [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js) | `0.52.1` | `0.217.0` |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.36.0` |\n| [undici](https://github.com/nodejs/undici) | `7.10.0` | `7.24.0` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.3` | `7.5.8` |\n| [rollup](https://github.com/rollup/rollup) | `4.43.0` | `4.60.3` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.3.5` | `7.3.3` |\n\nBumps the npm_and_yarn group with 8 updates in the /packages/vscode-ide-companion directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.15.1` | `1.26.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.2` | `2.1.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.2.0` | `8.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\n\nUpdates `glob` from 10.4.5 to 10.5.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-glob/commit/56774ef73b495eb0b17cdd0f42921f5ef62297c1\"\u003e\u003ccode\u003e56774ef\u003c/code\u003e\u003c/a\u003e 10.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f\"\u003e\u003ccode\u003e1e4e297\u003c/code\u003e\u003c/a\u003e bin: Do not expose filenames to shell expansion\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/isaacs/node-glob/compare/v10.4.5...v10.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `diff` from 7.0.0 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.0\u003c/h2\u003e\n\u003cp\u003e(All changes part of PR \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/672\"\u003e#672\u003c/a\u003e.)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eES5 support is dropped\u003c/strong\u003e. \u003ccode\u003eparsePatch\u003c/code\u003e now uses \u003ccode\u003eTextDecoder\u003c/code\u003e and \u003ccode\u003eUint8Array\u003c/code\u003e, which are not available in ES5, and TypeScript is now compiled with the \u0026quot;es6\u0026quot; \u003ccode\u003etarget\u003c/code\u003e. From now on, I intend to freely use any features that are deemed \u0026quot;Widely available\u0026quot; by \u003ca href=\"https://web.dev/baseline\"\u003eBaseline\u003c/a\u003e. Users who need ES5 support should stick to version 8.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eC-style quoted strings in filename headers are now properly supported\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eWhen the name of either the old or new file in a patch contains \u0026quot;special characters\u0026quot;, both GNU \u003ccode\u003ediff\u003c/code\u003e and Git quote the filename in the patch's headers and escape special characters using the same escape sequences that are used in string literals in C, including octal escapes for all non-ASCII characters. Previously, jsdiff had very little support for this; \u003ccode\u003eparsePatch\u003c/code\u003e would remove the quotes, and unescape any escaped backslashes, but would not unescape other escape sequences. \u003ccode\u003eformatPatch\u003c/code\u003e, meanwhile, did not quote or escape special characters at all.\u003c/p\u003e\n\u003cp\u003eNow, \u003ccode\u003eparsePatch\u003c/code\u003e parses all the possible escape sequences that GNU diff (or Git) ever output, and \u003ccode\u003eformatPatch\u003c/code\u003e quotes and escapes filenames containing special characters in the same way GNU diff does.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now omits file headers when \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e in the provided patch object are \u003ccode\u003eundefined\u003c/code\u003e\u003c/strong\u003e, regardless of the \u003ccode\u003eheaderOptions\u003c/code\u003e parameter. (Previously, it would treat the absence of \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e as indicating the filename was the word \u0026quot;undefined\u0026quot; and emit headers \u003ccode\u003e--- undefined\u003c/code\u003e / \u003ccode\u003e+++ undefined\u003c/code\u003e.)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer outputs trailing tab characters at the end of \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e headers.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePreviously, if \u003ccode\u003eformatPatch\u003c/code\u003e was passed a patch object to serialize that had empty strings for the \u003ccode\u003eoldHeader\u003c/code\u003e or \u003ccode\u003enewHeader\u003c/code\u003e property, it would include a trailing tab character after the filename in the \u003ccode\u003e---\u003c/code\u003e and/or \u003ccode\u003e+++\u003c/code\u003e file header. Now, this scenario is treated the same as when \u003ccode\u003eoldHeader\u003c/code\u003e/\u003ccode\u003enewHeader\u003c/code\u003e is \u003ccode\u003eundefined\u003c/code\u003e - i.e. the trailing tab is omitted.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer mutates its input\u003c/strong\u003e when serializing a patch containing a hunk where either the old or new content contained zero lines. (Such a hunk occurs only when the hunk has no context lines and represents a pure insertion or pure deletion, which for instance will occur whenever one of the two files being diffed is completely empty.) Previously \u003ccode\u003eformatPatch\u003c/code\u003e would provide the correct output but also mutate the \u003ccode\u003eoldLines\u003c/code\u003e or \u003ccode\u003enewLines\u003c/code\u003e property on the hunk, changing the meaning of the underlying patch.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eGit-style patches are now supported by \u003ccode\u003eparsePatch\u003c/code\u003e, \u003ccode\u003eformatPatch\u003c/code\u003e, and \u003ccode\u003ereversePatch\u003c/code\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003ePatches output by \u003ccode\u003egit diff\u003c/code\u003e can include some features that are unlike those output by GNU \u003ccode\u003ediff\u003c/code\u003e, and therefore not handled by an ordinary unified diff format parser. An ordinary diff simply describes the differences between the \u003cem\u003econtent\u003c/em\u003e of two files, but Git diffs can also indicate, via \u0026quot;extended headers\u0026quot;, the creation or deletion of (potentially empty) files, indicate that a file was renamed, and contain information about file mode changes. Furthermore, when these changes appear in a diff in the absence of a content change (e.g. when an empty file is created, or a file is renamed without content changes), the patch will contain no associated \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e file headers nor any hunks.\u003c/p\u003e\n\u003cp\u003ejsdiff previously did not support parsing Git's extended headers, nor hunkless patches. Now \u003ccode\u003eparsePatch\u003c/code\u003e parses some of the extended headers, parses hunkless Git patches, and can determine filenames (e.g. from the extended headers) when parsing a patch that includes no \u003ccode\u003e---\u003c/code\u003e or \u003ccode\u003e+++\u003c/code\u003e file headers. The additional information conveyed by the extended headers we support is recorded on new fields on the result object returned by \u003ccode\u003eparsePatch\u003c/code\u003e. See \u003ccode\u003eisGit\u003c/code\u003e and subsequent properties in the docs in the README.md file.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now outputs extended headers based on these new Git-specific properties, and \u003ccode\u003ereversePatch\u003c/code\u003e respects them as far as possible (with one unavoidable caveat noted in the README.md file).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eUnpaired file headers now cause \u003ccode\u003eparsePatch\u003c/code\u003e to throw\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eIt remains acceptable to have a patch with no file headers whatsoever (e.g. one that begins with a \u003ccode\u003e@@\u003c/code\u003e hunk header on the very first line), but a patch with \u003cem\u003eonly\u003c/em\u003e a \u003ccode\u003e---\u003c/code\u003e header or only a \u003ccode\u003e+++\u003c/code\u003e header is now considered an error.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eparsePatch\u003c/code\u003e is now more tolerant of \u0026quot;trailing garbage\u0026quot;\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThat is: after a patch, or between files/indexes in a patch, it is now acceptable to have arbitrary lines of \u0026quot;garbage\u0026quot; (so long as they unambiguously have no syntactic meaning - e.g. trailing garbage that leads with a \u003ccode\u003e+\u003c/code\u003e, \u003ccode\u003e-\u003c/code\u003e, or \u003ccode\u003e \u003c/code\u003e and thus is interpretable as part of a hunk still triggers a throw).\u003c/p\u003e\n\u003cp\u003eThis means we no longer reject patches output by tools that include extra data in \u0026quot;garbage\u0026quot; lines not understood by generic unified diff parsers. (For example, SVN patches can include \u0026quot;Property changes on:\u0026quot; lines that generic unified diff parsers should discard as garbage; jsdiff previously threw errors when encountering them.)\u003c/p\u003e\n\u003cp\u003eThis change brings jsdiff's behaviour more in line with GNU \u003ccode\u003epatch\u003c/code\u003e, which is highly permissive of \u0026quot;garbage\u0026quot;.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThe \u003ccode\u003eoldFileName\u003c/code\u003e and \u003ccode\u003enewFileName\u003c/code\u003e fields of \u003ccode\u003eStructuredPatch\u003c/code\u003e are now typed as \u003ccode\u003estring | undefined\u003c/code\u003e instead of \u003ccode\u003estring\u003c/code\u003e\u003c/strong\u003e. This type change reflects the (pre-existing) reality that \u003ccode\u003eparsePatch\u003c/code\u003e can produce patches without filenames (e.g. when parsing a patch that simply contains hunks with no file headers).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/667\"\u003e#667\u003c/a\u003e - \u003cstrong\u003efix another bug in \u003ccode\u003ediffWords\u003c/code\u003e when used with an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e\u003c/strong\u003e. If the text to be diffed included a combining mark after a whitespace character (i.e. roughly speaking, an accented space), \u003ccode\u003ediffWords\u003c/code\u003e would previously crash. Now this case is handled correctly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/631\"\u003e#631\u003c/a\u003e - \u003cstrong\u003efix support for using an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e with \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e. This has been almost completely broken since the feature was added in v6.0.0, since it would outright crash on any text that featured two consecutive newlines between a pair of words (a very common case).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/635\"\u003e#635\u003c/a\u003e - \u003cstrong\u003esmall tweaks to tokenization behaviour of \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e when used \u003cem\u003ewithout\u003c/em\u003e an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e. Specifically, the soft hyphen (U+00AD) is no longer considered to be a word break, and the multiplication and division signs (\u003ccode\u003e×\u003c/code\u003e and \u003ccode\u003e÷\u003c/code\u003e) are now treated as punctuation instead of as letters / word characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/ed13aca03aa25735fafc0645d1185e7a1c68fd8c\"\u003e\u003ccode\u003eed13aca\u003c/code\u003e\u003c/a\u003e Update version in package.json and in release notes (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/683\"\u003e#683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/7a49317b503a932b88fc72ad9c57a481df038e24\"\u003e\u003ccode\u003e7a49317\u003c/code\u003e\u003c/a\u003e Bump dependencies again (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/682\"\u003e#682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/afe5aecad189c9f5941ad3feb3c94c46b32ecb0a\"\u003e\u003ccode\u003eafe5aec\u003c/code\u003e\u003c/a\u003e Add Git support, and otherwise variously improve \u0026amp; fix parsePatch (and other ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/2e46779d8866ce7da1303a03db33ed038590c6f6\"\u003e\u003ccode\u003e2e46779\u003c/code\u003e\u003c/a\u003e Fix a typo (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/679\"\u003e#679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/dd2f99497703a1540b2ae406b51c49b74b5fc1a1\"\u003e\u003ccode\u003edd2f994\u003c/code\u003e\u003c/a\u003e 8.0.4 release (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/678\"\u003e#678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/3cc438434db53c5d1c40412b727ea7650f6f145a\"\u003e\u003ccode\u003e3cc4384\u003c/code\u003e\u003c/a\u003e Update docs on releasing to reflect migration to yarn berry (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/6fc2aa6b7672af08774b50aae00d97b99c5b5715\"\u003e\u003ccode\u003e6fc2aa6\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/af7393ac3404565dc8da655c2e7aeeed28c01ff7\"\u003e\u003ccode\u003eaf7393a\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4b5d1800370bf29b61a3378fb8086aeb231d3ef7\"\u003e\u003ccode\u003e4b5d180\u003c/code\u003e\u003c/a\u003e Fix another bug in diffWords's \u0026quot;intlSegmenter\u0026quot; mode (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/10da50c466709e7bd4b192dac96af0af46f8b7bd\"\u003e\u003ccode\u003e10da50c\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/666\"\u003e#666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/7.0.0...v9.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@modelcontextprotocol/sdk` from 1.15.1 to 1.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"\u003e@​modelcontextprotocol/sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.29.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1749\"\u003emodelcontextprotocol/typescript-sdk#1749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: disallow null (infinite) requested TTL by \u003ca href=\"https://github.com/LucaButBoring\"\u003e\u003ccode\u003e@​LucaButBoring\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1339\"\u003emodelcontextprotocol/typescript-sdk#1339\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: add missing size field to ResourceSchema by \u003ca href=\"https://github.com/olaservo\"\u003e\u003ccode\u003e@​olaservo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1575\"\u003emodelcontextprotocol/typescript-sdk#1575\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd typings exports by \u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x npm audit fix by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1780\"\u003emodelcontextprotocol/typescript-sdk#1780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1773\"\u003emodelcontextprotocol/typescript-sdk#1773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Allow servers / clients to advertise extensions in the capability object by \u003ca href=\"https://github.com/localden\"\u003e\u003ccode\u003e@​localden\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1811\"\u003emodelcontextprotocol/typescript-sdk#1811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(stdio): always set windowsHide on Windows, not just in Electron by \u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.29.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1820\"\u003emodelcontextprotocol/typescript-sdk#1820\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.28.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: use scopes_supported from resource metadata by default (fixes \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/580\"\u003e#580\u003c/a\u003e) by \u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1611\"\u003emodelcontextprotocol/typescript-sdk#1611\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: reject plain JSON Schema objects passed as inputSchema by \u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: clear _timeoutInfo in _onclose() and scope .finally() abort controller cleanup by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1462\"\u003emodelcontextprotocol/typescript-sdk#1462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(server/auth): RFC 8252 loopback port relaxation by \u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.28.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1746\"\u003emodelcontextprotocol/typescript-sdk#1746\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: implement auth/pre-registration conformance scenario by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1545\"\u003emodelcontextprotocol/typescript-sdk#1545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add governance documentation for SEP-1730 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1547\"\u003emodelcontextprotocol/typescript-sdk#1547\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: comprehensive feature documentation for SEP-1730 Tier 1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1548\"\u003emodelcontextprotocol/typescript-sdk#1548\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent command injection in example URL opening (v1.x backport) by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1579\"\u003emodelcontextprotocol/typescript-sdk#1579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: call onerror for silently swallowed transport errors by \u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.27.1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1581\"\u003emodelcontextprotocol/typescript-sdk#1581\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/e12cbd7078db388152f6e839abdbe09ba01f3f32\"\u003e\u003ccode\u003ee12cbd7\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.29.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/3913fd4443a86536155e3ebef9edd2045c372c1e\"\u003e\u003ccode\u003e3913fd4\u003c/code\u003e\u003c/a\u003e fix(stdio): always set windowsHide on Windows, not just in Electron (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1640\"\u003e#1640\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/5608e78dd0d4ca6cd7dd03278419578f1780365a\"\u003e\u003ccode\u003e5608e78\u003c/code\u003e\u003c/a\u003e [v1.x backport] Allow servers / clients to advertise extensions in the capabi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/7213816788e634ffb9d09affe50f0295093bfb73\"\u003e\u003ccode\u003e7213816\u003c/code\u003e\u003c/a\u003e v1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1773\"\u003e#1773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/364f38ca2d8895aed7c37b7a0a1031bb7ae4841c\"\u003e\u003ccode\u003e364f38c\u003c/code\u003e\u003c/a\u003e v1.x npm audit fix (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/c95cc0943b045517e4cc414baf1f168b216c3142\"\u003e\u003ccode\u003ec95cc09\u003c/code\u003e\u003c/a\u003e Add typings exports (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/ddadaa6cc633fb5db0c094bf031b15b68a357820\"\u003e\u003ccode\u003eddadaa6\u003c/code\u003e\u003c/a\u003e [v1.x] fix: add missing size field to ResourceSchema (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/2a158513028d9f862c4188b6957e78cd5663f26b\"\u003e\u003ccode\u003e2a15851\u003c/code\u003e\u003c/a\u003e [v1.x] fix: disallow null (infinite) requested TTL (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1339\"\u003e#1339\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/13e30f1d36de8442417fec695983bdb155c00768\"\u003e\u003ccode\u003e13e30f1\u003c/code\u003e\u003c/a\u003e fix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1749\"\u003e#1749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0565695218544fc53e99bf5b544a887d373cefa\"\u003e\u003ccode\u003ea056569\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.28.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1746\"\u003e#1746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.15.1...v1.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~pcarleton\"\u003epcarleton\u003c/a\u003e, a new releaser for \u003ccode\u003e@​modelcontextprotocol/sdk\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@opentelemetry/sdk-node` from 0.52.1 to 0.218.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/releases\"\u003e@​opentelemetry/sdk-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eexperimental/v0.218.0\u003c/h2\u003e\n\u003ch2\u003e0.218.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs metrics serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6629\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): show all config validation errors, if there are multiple \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6683\"\u003e#6683\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): allow startNodeSDK() without an arg \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6688\"\u003e#6688\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6691\"\u003e#6691\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(sdk-logs): use \u003ccode\u003eLogger.enabled()\u003c/code\u003e within \u003ccode\u003eLogger.emit()\u003c/code\u003e implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6680\"\u003e#6680\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.217.0\u003c/h2\u003e\n\u003ch2\u003e0.217.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs trace serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6625\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using \u003ccode\u003ejson-schema-to-typescript\u003c/code\u003e and \u003ccode\u003eajv\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6533\"\u003e#6533\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration, sdk-node): \u003ccode\u003estartNodeSDK()\u003c/code\u003e code path now uses \u003ccode\u003elog_level\u003c/code\u003e configuration to setup a DiagConsoleLogger \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6668\"\u003e#6668\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eNote that allowed values for \u003ccode\u003elog_level\u003c/code\u003e in a configuration YAML file are \u003cem\u003enot\u003c/em\u003e the same set as for \u003ccode\u003eOTEL_LOG_LEVEL\u003c/code\u003e. Use \u003ccode\u003elog_level: trace\u003c/code\u003e to see \u003cem\u003eall\u003c/em\u003e logs (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=ALL\u003c/code\u003e). Use \u003ccode\u003elog_level: fatal\u003c/code\u003e to effectively disable the SDK's internal diagnostic logger (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=NONE\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eIf \u003ccode\u003elog_level\u003c/code\u003e is not specified, a diagnostic console logger at \u0026quot;info\u0026quot; level will be setup.\u003c/li\u003e\n\u003cli\u003eAn invalid YAML config file will now result in a noop OTel SDK.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(configuration): do not validate \u003ccode\u003eOTEL_CONFIG_FILE\u003c/code\u003e value before using it for file config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6643\"\u003e#6643\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6650\"\u003e#6650\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6657\"\u003e#6657\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve handling of enums in generated types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6659\"\u003e#6659\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve the technique for removing '| null' on types the JSON Schema \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6662\"\u003e#6662\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sampler-jaeger-remote): add missing axios dep \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6656\"\u003e#6656\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6674\"\u003e#6674\u003c/a\u003e \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.216.0\u003c/h2\u003e\n\u003ch2\u003e0.216.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sdk-node): wire attribute_keys from declarative configuration to ViewOptions.attributesProcessors \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6427\"\u003e#6427\u003c/a\u003e \u003ca href=\"https://github.com/ravitheja4531-cell\"\u003e\u003ccode\u003e@​ravitheja4531-cell\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): set TracerProvider in startNodeSDK() \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6607\"\u003e#6607\u003c/a\u003e \u003ca href=\"https://github.com/maryliag\"\u003e\u003ccode\u003e@​maryliag\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(instrumentation-xml-http-request): avoid unwrapping \u003ccode\u003eXMLHttpRequest\u003c/code\u003e API when disabling \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6611\"\u003e#6611\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(instrumentation-fetch): tolerate non-writable \u003ccode\u003eglobalThis.fetch\u003c/code\u003e and fix premature \u003ccode\u003e_isEnabled\u003c/code\u003e / \u003ccode\u003e_isFetchPatched\u003c/code\u003e flips in \u003ccode\u003eenable()\u003c/code\u003e \u003ca href=\"https://github.com/brunorodmoreira\"\u003e\u003ccode\u003e@​brunorodmoreira\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/06ad0eaaecbd49f5ead871325f852cc2a3454079\"\u003e\u003ccode\u003e06ad0ea\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6703\"\u003e#6703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/38ca257e64ebd13f5603d5539f8a48d6d9232037\"\u003e\u003ccode\u003e38ca257\u003c/code\u003e\u003c/a\u003e feat(otlp-transformer): replace protobufjs metrics serialization with custom ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/013c60085b84351a4c1e4e4f79e3dd67c56661cd\"\u003e\u003ccode\u003e013c600\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6699\"\u003e#6699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/b7a0c63bde39d7916fdb73cbb3d64cf1c93282c5\"\u003e\u003ccode\u003eb7a0c63\u003c/code\u003e\u003c/a\u003e feat(semantic-conventions): update semantic conventions to v1.41.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6695\"\u003e#6695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/774143b2c6667c6537c000ab48ea5ce998278ca0\"\u003e\u003ccode\u003e774143b\u003c/code\u003e\u003c/a\u003e chore(renovate): add minimumReleaseAge to config (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6697\"\u003e#6697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/e0dafe0d9fadaccf7dd8d7b02dd85531356e2ac1\"\u003e\u003ccode\u003ee0dafe0\u003c/code\u003e\u003c/a\u003e fix(otlp-exporter-base): remove brackets from IPv6 hostname in HTTP transport...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/f804c93d1d6d903036b8bf38f8c3713dbbaf0360\"\u003e\u003ccode\u003ef804c93\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action digest to 68bde55 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6682\"\u003e#6682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/95e48e7afcc475ded350b95b43070c54591ecbbb\"\u003e\u003ccode\u003e95e48e7\u003c/code\u003e\u003c/a\u003e refactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/907b627d9ada25844b0f06551ecd9bbda5c0ea4f\"\u003e\u003ccode\u003e907b627\u003c/code\u003e\u003c/a\u003e feat(sdk-node): allow startNodeSDK() without an arg (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6688\"\u003e#6688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/0d1526198fafe7f90078ff353103d0427e6c64d4\"\u003e\u003ccode\u003e0d15261\u003c/code\u003e\u003c/a\u003e docs: Add SIG meeting info and welcoming language (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6689\"\u003e#6689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.52.1...experimental/v0.218.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​opentelemetry/sdk-node\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.17.1 to 8.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/f06766f33ed7291f84c19f22a1286a34475fbdaf\"\u003e\u003ccode\u003ef06766f\u003c/code\u003e\u003c/a\u003e feat: allow tree-shaking by adding ``\u0026quot;sideEffects\u0026quot;: false\u003ccode\u003eto\u003c/code\u003epackage.json` ...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `simple-git` from 3.28.0 to 3.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/releases\"\u003esimple-git's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esimple-git@3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.33.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea263635: Use \u003ccode\u003epathspec\u003c/code\u003e wrappers for remote and local paths when running either \u003ccode\u003egit.clone\u003c/code\u003e or \u003ccode\u003egit.mirror\u003c/code\u003e to\navoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ee253a0d: Enhanced \u003ccode\u003egit -c\u003c/code\u003e checks in \u003ccode\u003eunsafe\u003c/code\u003e plugin.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/JohannesLks\"\u003e\u003ccode\u003e@​JohannesLks\u003c/code\u003e\u003c/a\u003e for identifying the issue\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.32.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ef704208: Enhanced \u003ccode\u003eprotocol.allow\u003c/code\u003e checks in \u003ccode\u003eallowUnsafeExtProtocol\u003c/code\u003e handling.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md\"\u003esimple-git's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e3d8708b: Updating publish config\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [3d8708b]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.34.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/7dc1a532a9ec92fb08c93202954be73175b07d83\"\u003e\u003ccode\u003e7dc1a53\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/76f5376bd418cb8baf5ec32757af442d47128e22\"\u003e\u003ccode\u003e76f5376\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1061\"\u003e#1061\u003c/a\u003e from Vinzent03/fix/buffer-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/89a2294febed5dfe737c4c735d936bb6018746a8\"\u003e\u003ccode\u003e89a2294\u003c/code\u003e\u003c/a\u003e Environment Parsing (\u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1156\"\u003e#1156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/1b91b762f047777ca6686f34ac3f7b8a543a4780\"\u003e\u003ccode\u003e1b91b76\u003c/code\u003e\u003c/a\u003e fix: remove explicit node:buffer import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/e390685960a3461875dce89d87ab80e3143d79fe\"\u003e\u003ccode\u003ee390685\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/3c9e4b8309667d0cb4102cda770f92075fc781dd\"\u003e\u003ccode\u003e3c9e4b8\u003c/code\u003e\u003c/a\u003e Pin version of \u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/94ee21fd5a2a6182fbf0f218a5efca2057b567cd\"\u003e\u003ccode\u003e94ee21f\u003c/code\u003e\u003c/a\u003e Export \u003ccode\u003epathspec\u003c/code\u003e types through \u003ccode\u003esimple-git\u003c/code\u003e for backward compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/6d7cb5174273aa33d131172d3770cb386e795171\"\u003e\u003ccode\u003e6d7cb51\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/0de400e7b014a48113acf673b3409a95b9c87a15\"\u003e\u003ccode\u003e0de400e\u003c/code\u003e\u003c/a\u003e Switch to semver from workspace revisions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/2264722abcb637042dd4cc50d903d69e4ee14b38\"\u003e\u003ccode\u003e2264722\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/steveukx/git-js/commits/simple-git@3.36.0/simple-git\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for simple-git since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.10.0 to 7.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport 401 stream-backed body fix to v7.x by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5006\"\u003enodejs/undici#5006\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update broken links in file \u0026quot;Dispatcher.md\u0026quot; by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: remove unused parameter \u003ccode\u003eredirectionLimitReached\u003c/code\u003e by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4933\"\u003enodejs/undici#4933\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip flaky macOS Node 20 cookie fetch cases by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4932\"\u003enodejs/undici#4932\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): align Response with DOM fetch types by \u003ca href=\"https://github.com/theamodhshetty\"\u003e\u003ccode\u003e@​theamodhshetty\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4867\"\u003enodejs/undici#4867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): Fix clone method type declaration to be an instance method rather than instance property by \u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip IPv6 tests when IPv6 is not available by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4939\"\u003enodejs/undici#4939\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: correctly handle multi-value rawHeaders in fetch by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4938\"\u003enodejs/undici#4938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eignore AGENTS.md by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4942\"\u003enodejs/undici#4942\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(test): client wasm compatible with clang 22 by \u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mock): improve error message when intercepts are exhausted by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4912\"\u003enodejs/undici#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(websocket): support open diagnostics over h2 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4921\"\u003enodejs/undici#4921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: assume http/https scheme for scheme-less proxy env vars by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4914\"\u003enodejs/undici#4914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cache): check Authorization on request headers per RFC 9111 §3.5 by \u003ca href=\"https://github.com/metalix2\"\u003e\u003ccode\u003e@​metalix2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4911\"\u003enodejs/undici#4911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: wrap kConnector call in try/catch to prevent client hang by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify fetch and FormData pairing by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4922\"\u003enodejs/undici#4922\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: support Connection header with connection-specific header names per RFC 7230 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4775\"\u003enodejs/undici#4775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid prototype collisions in parseHeaders by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4923\"\u003enodejs/undici#4923\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump typescript from 5.9.3 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4926\"\u003enodejs/undici#4926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: auto-init WPT submodule by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4930\"\u003enodejs/undici#4930\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/12d9045923b7caebb1ae6975ef34c29dbcfd95d0\"\u003e\u003ccode\u003e12d9045\u003c/code\u003e\u003c/a\u003e Bumped v7.25.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7a6f7febb30a30748a04f38c21e3641c77d21b0e\"\u003e\u003ccode\u003e7a6f7fe\u003c/code\u003e\u003c/a\u003e Bumped v7.24.8 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5020\"\u003e#5020\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1f85ae4b27ed6401e7ccc35eb546ad2e5976121f\"\u003e\u003ccode\u003e1f85ae4\u003c/code\u003e\u003c/a\u003e fix: avoid 401 failures for stream-backed request bodies (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4941\"\u003e#4941\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5006\"\u003e#5006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c6610674dfad7c205ddf0f27831133973ad7894e\"\u003e\u003ccode\u003ec661067\u003c/code\u003e\u003c/a\u003e chore: update v7.x maintenance release flow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84f23e2a19cd0f585579c4257d801e4ec2d65dbd\"\u003e\u003ccode\u003e84f23e2\u003c/code\u003e\u003c/a\u003e Bumped v7.24.7 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4947\"\u003e#4947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a770b1033201984b9e8082a9bf955414bff5dc2e\"\u003e\u003ccode\u003ea770b10\u003c/code\u003e\u003c/a\u003e ignore AGENTS.md (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4942\"\u003e#4942\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/6acd19beaf67c1a2d07bcd38f40d0b751a81e7cc\"\u003e\u003ccode\u003e6acd19b\u003c/code\u003e\u003c/a\u003e fix: correctly handle multi-value rawHeaders in fetch (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4938\"\u003e#4938\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1da1c747c7d6e01b93ab295e0efb86623f3c8e06\"\u003e\u003ccode\u003e1da1c74\u003c/code\u003e\u003c/a\u003e test: skip IPv6 tests when IPv6 is not available (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4939\"\u003e#4939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/04cb77327f7ada95c2e5b67424cddcb22d7bf882\"\u003e\u003ccode\u003e04cb773\u003c/code\u003e\u003c/a\u003e fix(types): Fix clone method type declaration to be an instance method rather...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5145a7c47080d1715b2723591def3a75b0c3ba63\"\u003e\u003ccode\u003e5145a7c\u003c/code\u003e\u003c/a\u003e fix(types): align Response with DOM fetch types (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4867\"\u003e#4867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.10.0...v7.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 l...\n\n_Description has been truncated_","html_url":"https://github.com/vroonhof/gemini-cli/pull/14","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/vroonhof%2Fgemini-cli/issues/14","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/14/packages"}},{"old_version":"4.0.0","new_version":"4.0.1","update_type":"patch","path":null,"pr_created_at":"2026-05-13T09:04:22.000Z","version_change":"4.0.0 → 4.0.1","issue":{"uuid":"4436451191","node_id":"PR_kwDOPFeS3s7bCnRK","number":24,"state":"closed","title":"build(deps): bump the npm_and_yarn group across 3 directories with 21 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-23T09:51:50.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-13T09:04:22.000Z","updated_at":"2026-05-23T09:51:52.000Z","time_to_close":866848,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"npm_and_yarn","update_count":21,"packages":[{"name":"glob","old_version":"10.4.5","new_version":"10.5.0","repository_url":"https://github.com/isaacs/node-glob"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"diff","old_version":"7.0.0","new_version":"9.0.0","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"@modelcontextprotocol/sdk","old_version":"1.15.1","new_version":"1.29.0","repository_url":"https://github.com/modelcontextprotocol/typescript-sdk"},{"name":"@opentelemetry/sdk-node","old_version":"0.52.1","new_version":"0.218.0","repository_url":"https://github.com/open-telemetry/opentelemetry-js"},{"name":"ajv","old_version":"8.17.1","new_version":"8.18.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"simple-git","old_version":"3.28.0","new_version":"3.36.0","repository_url":"https://github.com/steveukx/git-js"},{"name":"undici","old_version":"7.10.0","new_version":"7.25.0","repository_url":"https://github.com/nodejs/undici"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"js-yaml","old_version":"4.1.0","new_version":"4.1.1","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jws","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"path-to-regexp","old_version":"8.2.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"picomatch","old_version":"4.0.2","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"4.44.0","new_version":"4.60.3","repository_url":"https://github.com/rollup/rollup"},{"name":"vite","old_version":"7.0.0","new_version":"7.3.3","repository_url":"https://github.com/vitejs/vite"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 18 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [glob](https://github.com/isaacs/node-glob) | `10.4.5` | `10.5.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [diff](https://github.com/kpdecker/jsdiff) | `7.0.0` | `9.0.0` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.15.1` | `1.29.0` |\n| [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js) | `0.52.1` | `0.218.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.18.0` |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.36.0` |\n| [undici](https://github.com/nodejs/undici) | `7.10.0` | `7.25.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.2.0` | `8.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.2` | `4.0.4` |\n| [rollup](https://github.com/rollup/rollup) | `4.44.0` | `4.60.3` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.0.0` | `7.3.3` |\n\nBumps the npm_and_yarn group with 10 updates in the /packages/core directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [glob](https://github.com/isaacs/node-glob) | `10.4.5` | `12.0.0` |\n| [diff](https://github.com/kpdecker/jsdiff) | `7.0.0` | `8.0.3` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.12.3` | `1.29.0` |\n| [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js) | `0.52.1` | `0.217.0` |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.36.0` |\n| [undici](https://github.com/nodejs/undici) | `7.10.0` | `7.24.0` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.3` | `7.5.8` |\n| [rollup](https://github.com/rollup/rollup) | `4.43.0` | `4.60.3` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.3.5` | `7.3.3` |\n\nBumps the npm_and_yarn group with 8 updates in the /packages/vscode-ide-companion directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.15.1` | `1.26.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.2` | `2.1.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.2.0` | `8.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\n\nUpdates `glob` from 10.4.5 to 10.5.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-glob/commit/56774ef73b495eb0b17cdd0f42921f5ef62297c1\"\u003e\u003ccode\u003e56774ef\u003c/code\u003e\u003c/a\u003e 10.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f\"\u003e\u003ccode\u003e1e4e297\u003c/code\u003e\u003c/a\u003e bin: Do not expose filenames to shell expansion\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/isaacs/node-glob/compare/v10.4.5...v10.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `diff` from 7.0.0 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.0\u003c/h2\u003e\n\u003cp\u003e(All changes part of PR \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/672\"\u003e#672\u003c/a\u003e.)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eES5 support is dropped\u003c/strong\u003e. \u003ccode\u003eparsePatch\u003c/code\u003e now uses \u003ccode\u003eTextDecoder\u003c/code\u003e and \u003ccode\u003eUint8Array\u003c/code\u003e, which are not available in ES5, and TypeScript is now compiled with the \u0026quot;es6\u0026quot; \u003ccode\u003etarget\u003c/code\u003e. From now on, I intend to freely use any features that are deemed \u0026quot;Widely available\u0026quot; by \u003ca href=\"https://web.dev/baseline\"\u003eBaseline\u003c/a\u003e. Users who need ES5 support should stick to version 8.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eC-style quoted strings in filename headers are now properly supported\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eWhen the name of either the old or new file in a patch contains \u0026quot;special characters\u0026quot;, both GNU \u003ccode\u003ediff\u003c/code\u003e and Git quote the filename in the patch's headers and escape special characters using the same escape sequences that are used in string literals in C, including octal escapes for all non-ASCII characters. Previously, jsdiff had very little support for this; \u003ccode\u003eparsePatch\u003c/code\u003e would remove the quotes, and unescape any escaped backslashes, but would not unescape other escape sequences. \u003ccode\u003eformatPatch\u003c/code\u003e, meanwhile, did not quote or escape special characters at all.\u003c/p\u003e\n\u003cp\u003eNow, \u003ccode\u003eparsePatch\u003c/code\u003e parses all the possible escape sequences that GNU diff (or Git) ever output, and \u003ccode\u003eformatPatch\u003c/code\u003e quotes and escapes filenames containing special characters in the same way GNU diff does.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now omits file headers when \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e in the provided patch object are \u003ccode\u003eundefined\u003c/code\u003e\u003c/strong\u003e, regardless of the \u003ccode\u003eheaderOptions\u003c/code\u003e parameter. (Previously, it would treat the absence of \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e as indicating the filename was the word \u0026quot;undefined\u0026quot; and emit headers \u003ccode\u003e--- undefined\u003c/code\u003e / \u003ccode\u003e+++ undefined\u003c/code\u003e.)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer outputs trailing tab characters at the end of \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e headers.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePreviously, if \u003ccode\u003eformatPatch\u003c/code\u003e was passed a patch object to serialize that had empty strings for the \u003ccode\u003eoldHeader\u003c/code\u003e or \u003ccode\u003enewHeader\u003c/code\u003e property, it would include a trailing tab character after the filename in the \u003ccode\u003e---\u003c/code\u003e and/or \u003ccode\u003e+++\u003c/code\u003e file header. Now, this scenario is treated the same as when \u003ccode\u003eoldHeader\u003c/code\u003e/\u003ccode\u003enewHeader\u003c/code\u003e is \u003ccode\u003eundefined\u003c/code\u003e - i.e. the trailing tab is omitted.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer mutates its input\u003c/strong\u003e when serializing a patch containing a hunk where either the old or new content contained zero lines. (Such a hunk occurs only when the hunk has no context lines and represents a pure insertion or pure deletion, which for instance will occur whenever one of the two files being diffed is completely empty.) Previously \u003ccode\u003eformatPatch\u003c/code\u003e would provide the correct output but also mutate the \u003ccode\u003eoldLines\u003c/code\u003e or \u003ccode\u003enewLines\u003c/code\u003e property on the hunk, changing the meaning of the underlying patch.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eGit-style patches are now supported by \u003ccode\u003eparsePatch\u003c/code\u003e, \u003ccode\u003eformatPatch\u003c/code\u003e, and \u003ccode\u003ereversePatch\u003c/code\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003ePatches output by \u003ccode\u003egit diff\u003c/code\u003e can include some features that are unlike those output by GNU \u003ccode\u003ediff\u003c/code\u003e, and therefore not handled by an ordinary unified diff format parser. An ordinary diff simply describes the differences between the \u003cem\u003econtent\u003c/em\u003e of two files, but Git diffs can also indicate, via \u0026quot;extended headers\u0026quot;, the creation or deletion of (potentially empty) files, indicate that a file was renamed, and contain information about file mode changes. Furthermore, when these changes appear in a diff in the absence of a content change (e.g. when an empty file is created, or a file is renamed without content changes), the patch will contain no associated \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e file headers nor any hunks.\u003c/p\u003e\n\u003cp\u003ejsdiff previously did not support parsing Git's extended headers, nor hunkless patches. Now \u003ccode\u003eparsePatch\u003c/code\u003e parses some of the extended headers, parses hunkless Git patches, and can determine filenames (e.g. from the extended headers) when parsing a patch that includes no \u003ccode\u003e---\u003c/code\u003e or \u003ccode\u003e+++\u003c/code\u003e file headers. The additional information conveyed by the extended headers we support is recorded on new fields on the result object returned by \u003ccode\u003eparsePatch\u003c/code\u003e. See \u003ccode\u003eisGit\u003c/code\u003e and subsequent properties in the docs in the README.md file.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now outputs extended headers based on these new Git-specific properties, and \u003ccode\u003ereversePatch\u003c/code\u003e respects them as far as possible (with one unavoidable caveat noted in the README.md file).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eUnpaired file headers now cause \u003ccode\u003eparsePatch\u003c/code\u003e to throw\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eIt remains acceptable to have a patch with no file headers whatsoever (e.g. one that begins with a \u003ccode\u003e@@\u003c/code\u003e hunk header on the very first line), but a patch with \u003cem\u003eonly\u003c/em\u003e a \u003ccode\u003e---\u003c/code\u003e header or only a \u003ccode\u003e+++\u003c/code\u003e header is now considered an error.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eparsePatch\u003c/code\u003e is now more tolerant of \u0026quot;trailing garbage\u0026quot;\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThat is: after a patch, or between files/indexes in a patch, it is now acceptable to have arbitrary lines of \u0026quot;garbage\u0026quot; (so long as they unambiguously have no syntactic meaning - e.g. trailing garbage that leads with a \u003ccode\u003e+\u003c/code\u003e, \u003ccode\u003e-\u003c/code\u003e, or \u003ccode\u003e \u003c/code\u003e and thus is interpretable as part of a hunk still triggers a throw).\u003c/p\u003e\n\u003cp\u003eThis means we no longer reject patches output by tools that include extra data in \u0026quot;garbage\u0026quot; lines not understood by generic unified diff parsers. (For example, SVN patches can include \u0026quot;Property changes on:\u0026quot; lines that generic unified diff parsers should discard as garbage; jsdiff previously threw errors when encountering them.)\u003c/p\u003e\n\u003cp\u003eThis change brings jsdiff's behaviour more in line with GNU \u003ccode\u003epatch\u003c/code\u003e, which is highly permissive of \u0026quot;garbage\u0026quot;.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThe \u003ccode\u003eoldFileName\u003c/code\u003e and \u003ccode\u003enewFileName\u003c/code\u003e fields of \u003ccode\u003eStructuredPatch\u003c/code\u003e are now typed as \u003ccode\u003estring | undefined\u003c/code\u003e instead of \u003ccode\u003estring\u003c/code\u003e\u003c/strong\u003e. This type change reflects the (pre-existing) reality that \u003ccode\u003eparsePatch\u003c/code\u003e can produce patches without filenames (e.g. when parsing a patch that simply contains hunks with no file headers).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/667\"\u003e#667\u003c/a\u003e - \u003cstrong\u003efix another bug in \u003ccode\u003ediffWords\u003c/code\u003e when used with an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e\u003c/strong\u003e. If the text to be diffed included a combining mark after a whitespace character (i.e. roughly speaking, an accented space), \u003ccode\u003ediffWords\u003c/code\u003e would previously crash. Now this case is handled correctly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/631\"\u003e#631\u003c/a\u003e - \u003cstrong\u003efix support for using an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e with \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e. This has been almost completely broken since the feature was added in v6.0.0, since it would outright crash on any text that featured two consecutive newlines between a pair of words (a very common case).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/635\"\u003e#635\u003c/a\u003e - \u003cstrong\u003esmall tweaks to tokenization behaviour of \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e when used \u003cem\u003ewithout\u003c/em\u003e an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e. Specifically, the soft hyphen (U+00AD) is no longer considered to be a word break, and the multiplication and division signs (\u003ccode\u003e×\u003c/code\u003e and \u003ccode\u003e÷\u003c/code\u003e) are now treated as punctuation instead of as letters / word characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/ed13aca03aa25735fafc0645d1185e7a1c68fd8c\"\u003e\u003ccode\u003eed13aca\u003c/code\u003e\u003c/a\u003e Update version in package.json and in release notes (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/683\"\u003e#683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/7a49317b503a932b88fc72ad9c57a481df038e24\"\u003e\u003ccode\u003e7a49317\u003c/code\u003e\u003c/a\u003e Bump dependencies again (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/682\"\u003e#682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/afe5aecad189c9f5941ad3feb3c94c46b32ecb0a\"\u003e\u003ccode\u003eafe5aec\u003c/code\u003e\u003c/a\u003e Add Git support, and otherwise variously improve \u0026amp; fix parsePatch (and other ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/2e46779d8866ce7da1303a03db33ed038590c6f6\"\u003e\u003ccode\u003e2e46779\u003c/code\u003e\u003c/a\u003e Fix a typo (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/679\"\u003e#679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/dd2f99497703a1540b2ae406b51c49b74b5fc1a1\"\u003e\u003ccode\u003edd2f994\u003c/code\u003e\u003c/a\u003e 8.0.4 release (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/678\"\u003e#678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/3cc438434db53c5d1c40412b727ea7650f6f145a\"\u003e\u003ccode\u003e3cc4384\u003c/code\u003e\u003c/a\u003e Update docs on releasing to reflect migration to yarn berry (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/6fc2aa6b7672af08774b50aae00d97b99c5b5715\"\u003e\u003ccode\u003e6fc2aa6\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/af7393ac3404565dc8da655c2e7aeeed28c01ff7\"\u003e\u003ccode\u003eaf7393a\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4b5d1800370bf29b61a3378fb8086aeb231d3ef7\"\u003e\u003ccode\u003e4b5d180\u003c/code\u003e\u003c/a\u003e Fix another bug in diffWords's \u0026quot;intlSegmenter\u0026quot; mode (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/10da50c466709e7bd4b192dac96af0af46f8b7bd\"\u003e\u003ccode\u003e10da50c\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/666\"\u003e#666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/7.0.0...v9.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@modelcontextprotocol/sdk` from 1.15.1 to 1.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"\u003e@​modelcontextprotocol/sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.29.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1749\"\u003emodelcontextprotocol/typescript-sdk#1749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: disallow null (infinite) requested TTL by \u003ca href=\"https://github.com/LucaButBoring\"\u003e\u003ccode\u003e@​LucaButBoring\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1339\"\u003emodelcontextprotocol/typescript-sdk#1339\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: add missing size field to ResourceSchema by \u003ca href=\"https://github.com/olaservo\"\u003e\u003ccode\u003e@​olaservo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1575\"\u003emodelcontextprotocol/typescript-sdk#1575\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd typings exports by \u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x npm audit fix by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1780\"\u003emodelcontextprotocol/typescript-sdk#1780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1773\"\u003emodelcontextprotocol/typescript-sdk#1773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Allow servers / clients to advertise extensions in the capability object by \u003ca href=\"https://github.com/localden\"\u003e\u003ccode\u003e@​localden\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1811\"\u003emodelcontextprotocol/typescript-sdk#1811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(stdio): always set windowsHide on Windows, not just in Electron by \u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.29.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1820\"\u003emodelcontextprotocol/typescript-sdk#1820\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.28.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: use scopes_supported from resource metadata by default (fixes \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/580\"\u003e#580\u003c/a\u003e) by \u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1611\"\u003emodelcontextprotocol/typescript-sdk#1611\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: reject plain JSON Schema objects passed as inputSchema by \u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: clear _timeoutInfo in _onclose() and scope .finally() abort controller cleanup by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1462\"\u003emodelcontextprotocol/typescript-sdk#1462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(server/auth): RFC 8252 loopback port relaxation by \u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.28.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1746\"\u003emodelcontextprotocol/typescript-sdk#1746\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: implement auth/pre-registration conformance scenario by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1545\"\u003emodelcontextprotocol/typescript-sdk#1545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add governance documentation for SEP-1730 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1547\"\u003emodelcontextprotocol/typescript-sdk#1547\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: comprehensive feature documentation for SEP-1730 Tier 1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1548\"\u003emodelcontextprotocol/typescript-sdk#1548\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent command injection in example URL opening (v1.x backport) by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1579\"\u003emodelcontextprotocol/typescript-sdk#1579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: call onerror for silently swallowed transport errors by \u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.27.1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1581\"\u003emodelcontextprotocol/typescript-sdk#1581\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/e12cbd7078db388152f6e839abdbe09ba01f3f32\"\u003e\u003ccode\u003ee12cbd7\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.29.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/3913fd4443a86536155e3ebef9edd2045c372c1e\"\u003e\u003ccode\u003e3913fd4\u003c/code\u003e\u003c/a\u003e fix(stdio): always set windowsHide on Windows, not just in Electron (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1640\"\u003e#1640\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/5608e78dd0d4ca6cd7dd03278419578f1780365a\"\u003e\u003ccode\u003e5608e78\u003c/code\u003e\u003c/a\u003e [v1.x backport] Allow servers / clients to advertise extensions in the capabi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/7213816788e634ffb9d09affe50f0295093bfb73\"\u003e\u003ccode\u003e7213816\u003c/code\u003e\u003c/a\u003e v1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1773\"\u003e#1773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/364f38ca2d8895aed7c37b7a0a1031bb7ae4841c\"\u003e\u003ccode\u003e364f38c\u003c/code\u003e\u003c/a\u003e v1.x npm audit fix (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/c95cc0943b045517e4cc414baf1f168b216c3142\"\u003e\u003ccode\u003ec95cc09\u003c/code\u003e\u003c/a\u003e Add typings exports (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/ddadaa6cc633fb5db0c094bf031b15b68a357820\"\u003e\u003ccode\u003eddadaa6\u003c/code\u003e\u003c/a\u003e [v1.x] fix: add missing size field to ResourceSchema (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/2a158513028d9f862c4188b6957e78cd5663f26b\"\u003e\u003ccode\u003e2a15851\u003c/code\u003e\u003c/a\u003e [v1.x] fix: disallow null (infinite) requested TTL (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1339\"\u003e#1339\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/13e30f1d36de8442417fec695983bdb155c00768\"\u003e\u003ccode\u003e13e30f1\u003c/code\u003e\u003c/a\u003e fix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1749\"\u003e#1749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0565695218544fc53e99bf5b544a887d373cefa\"\u003e\u003ccode\u003ea056569\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.28.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1746\"\u003e#1746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.15.1...v1.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~pcarleton\"\u003epcarleton\u003c/a\u003e, a new releaser for \u003ccode\u003e@​modelcontextprotocol/sdk\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@opentelemetry/sdk-node` from 0.52.1 to 0.218.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/releases\"\u003e@​opentelemetry/sdk-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eexperimental/v0.218.0\u003c/h2\u003e\n\u003ch2\u003e0.218.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs metrics serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6629\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): show all config validation errors, if there are multiple \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6683\"\u003e#6683\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): allow startNodeSDK() without an arg \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6688\"\u003e#6688\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6691\"\u003e#6691\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(sdk-logs): use \u003ccode\u003eLogger.enabled()\u003c/code\u003e within \u003ccode\u003eLogger.emit()\u003c/code\u003e implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6680\"\u003e#6680\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.217.0\u003c/h2\u003e\n\u003ch2\u003e0.217.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs trace serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6625\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using \u003ccode\u003ejson-schema-to-typescript\u003c/code\u003e and \u003ccode\u003eajv\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6533\"\u003e#6533\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration, sdk-node): \u003ccode\u003estartNodeSDK()\u003c/code\u003e code path now uses \u003ccode\u003elog_level\u003c/code\u003e configuration to setup a DiagConsoleLogger \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6668\"\u003e#6668\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eNote that allowed values for \u003ccode\u003elog_level\u003c/code\u003e in a configuration YAML file are \u003cem\u003enot\u003c/em\u003e the same set as for \u003ccode\u003eOTEL_LOG_LEVEL\u003c/code\u003e. Use \u003ccode\u003elog_level: trace\u003c/code\u003e to see \u003cem\u003eall\u003c/em\u003e logs (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=ALL\u003c/code\u003e). Use \u003ccode\u003elog_level: fatal\u003c/code\u003e to effectively disable the SDK's internal diagnostic logger (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=NONE\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eIf \u003ccode\u003elog_level\u003c/code\u003e is not specified, a diagnostic console logger at \u0026quot;info\u0026quot; level will be setup.\u003c/li\u003e\n\u003cli\u003eAn invalid YAML config file will now result in a noop OTel SDK.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(configuration): do not validate \u003ccode\u003eOTEL_CONFIG_FILE\u003c/code\u003e value before using it for file config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6643\"\u003e#6643\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6650\"\u003e#6650\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6657\"\u003e#6657\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve handling of enums in generated types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6659\"\u003e#6659\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve the technique for removing '| null' on types the JSON Schema \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6662\"\u003e#6662\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sampler-jaeger-remote): add missing axios dep \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6656\"\u003e#6656\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6674\"\u003e#6674\u003c/a\u003e \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.216.0\u003c/h2\u003e\n\u003ch2\u003e0.216.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sdk-node): wire attribute_keys from declarative configuration to ViewOptions.attributesProcessors \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6427\"\u003e#6427\u003c/a\u003e \u003ca href=\"https://github.com/ravitheja4531-cell\"\u003e\u003ccode\u003e@​ravitheja4531-cell\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): set TracerProvider in startNodeSDK() \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6607\"\u003e#6607\u003c/a\u003e \u003ca href=\"https://github.com/maryliag\"\u003e\u003ccode\u003e@​maryliag\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(instrumentation-xml-http-request): avoid unwrapping \u003ccode\u003eXMLHttpRequest\u003c/code\u003e API when disabling \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6611\"\u003e#6611\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(instrumentation-fetch): tolerate non-writable \u003ccode\u003eglobalThis.fetch\u003c/code\u003e and fix premature \u003ccode\u003e_isEnabled\u003c/code\u003e / \u003ccode\u003e_isFetchPatched\u003c/code\u003e flips in \u003ccode\u003eenable()\u003c/code\u003e \u003ca href=\"https://github.com/brunorodmoreira\"\u003e\u003ccode\u003e@​brunorodmoreira\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/06ad0eaaecbd49f5ead871325f852cc2a3454079\"\u003e\u003ccode\u003e06ad0ea\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6703\"\u003e#6703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/38ca257e64ebd13f5603d5539f8a48d6d9232037\"\u003e\u003ccode\u003e38ca257\u003c/code\u003e\u003c/a\u003e feat(otlp-transformer): replace protobufjs metrics serialization with custom ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/013c60085b84351a4c1e4e4f79e3dd67c56661cd\"\u003e\u003ccode\u003e013c600\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6699\"\u003e#6699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/b7a0c63bde39d7916fdb73cbb3d64cf1c93282c5\"\u003e\u003ccode\u003eb7a0c63\u003c/code\u003e\u003c/a\u003e feat(semantic-conventions): update semantic conventions to v1.41.1 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6695\"\u003e#6695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/774143b2c6667c6537c000ab48ea5ce998278ca0\"\u003e\u003ccode\u003e774143b\u003c/code\u003e\u003c/a\u003e chore(renovate): add minimumReleaseAge to config (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6697\"\u003e#6697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/e0dafe0d9fadaccf7dd8d7b02dd85531356e2ac1\"\u003e\u003ccode\u003ee0dafe0\u003c/code\u003e\u003c/a\u003e fix(otlp-exporter-base): remove brackets from IPv6 hostname in HTTP transport...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/f804c93d1d6d903036b8bf38f8c3713dbbaf0360\"\u003e\u003ccode\u003ef804c93\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action digest to 68bde55 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6682\"\u003e#6682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/95e48e7afcc475ded350b95b43070c54591ecbbb\"\u003e\u003ccode\u003e95e48e7\u003c/code\u003e\u003c/a\u003e refactor(sdk-logs): alias \u003ccode\u003eLoggerProviderConfig\u003c/code\u003e to \u003ccode\u003eLoggerProviderOptions\u003c/code\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/907b627d9ada25844b0f06551ecd9bbda5c0ea4f\"\u003e\u003ccode\u003e907b627\u003c/code\u003e\u003c/a\u003e feat(sdk-node): allow startNodeSDK() without an arg (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6688\"\u003e#6688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/0d1526198fafe7f90078ff353103d0427e6c64d4\"\u003e\u003ccode\u003e0d15261\u003c/code\u003e\u003c/a\u003e docs: Add SIG meeting info and welcoming language (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6689\"\u003e#6689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.52.1...experimental/v0.218.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​opentelemetry/sdk-node\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.17.1 to 8.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/f06766f33ed7291f84c19f22a1286a34475fbdaf\"\u003e\u003ccode\u003ef06766f\u003c/code\u003e\u003c/a\u003e feat: allow tree-shaking by adding ``\u0026quot;sideEffects\u0026quot;: false\u003ccode\u003eto\u003c/code\u003epackage.json` ...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `simple-git` from 3.28.0 to 3.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/releases\"\u003esimple-git's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esimple-git@3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.33.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea263635: Use \u003ccode\u003epathspec\u003c/code\u003e wrappers for remote and local paths when running either \u003ccode\u003egit.clone\u003c/code\u003e or \u003ccode\u003egit.mirror\u003c/code\u003e to\navoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ee253a0d: Enhanced \u003ccode\u003egit -c\u003c/code\u003e checks in \u003ccode\u003eunsafe\u003c/code\u003e plugin.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/JohannesLks\"\u003e\u003ccode\u003e@​JohannesLks\u003c/code\u003e\u003c/a\u003e for identifying the issue\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.32.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ef704208: Enhanced \u003ccode\u003eprotocol.allow\u003c/code\u003e checks in \u003ccode\u003eallowUnsafeExtProtocol\u003c/code\u003e handling.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md\"\u003esimple-git's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e3d8708b: Updating publish config\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [3d8708b]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.34.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/7dc1a532a9ec92fb08c93202954be73175b07d83\"\u003e\u003ccode\u003e7dc1a53\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/76f5376bd418cb8baf5ec32757af442d47128e22\"\u003e\u003ccode\u003e76f5376\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1061\"\u003e#1061\u003c/a\u003e from Vinzent03/fix/buffer-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/89a2294febed5dfe737c4c735d936bb6018746a8\"\u003e\u003ccode\u003e89a2294\u003c/code\u003e\u003c/a\u003e Environment Parsing (\u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1156\"\u003e#1156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/1b91b762f047777ca6686f34ac3f7b8a543a4780\"\u003e\u003ccode\u003e1b91b76\u003c/code\u003e\u003c/a\u003e fix: remove explicit node:buffer import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/e390685960a3461875dce89d87ab80e3143d79fe\"\u003e\u003ccode\u003ee390685\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/3c9e4b8309667d0cb4102cda770f92075fc781dd\"\u003e\u003ccode\u003e3c9e4b8\u003c/code\u003e\u003c/a\u003e Pin version of \u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/94ee21fd5a2a6182fbf0f218a5efca2057b567cd\"\u003e\u003ccode\u003e94ee21f\u003c/code\u003e\u003c/a\u003e Export \u003ccode\u003epathspec\u003c/code\u003e types through \u003ccode\u003esimple-git\u003c/code\u003e for backward compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/6d7cb5174273aa33d131172d3770cb386e795171\"\u003e\u003ccode\u003e6d7cb51\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/0de400e7b014a48113acf673b3409a95b9c87a15\"\u003e\u003ccode\u003e0de400e\u003c/code\u003e\u003c/a\u003e Switch to semver from workspace revisions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/2264722abcb637042dd4cc50d903d69e4ee14b38\"\u003e\u003ccode\u003e2264722\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/steveukx/git-js/commits/simple-git@3.36.0/simple-git\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for simple-git since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.10.0 to 7.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport 401 stream-backed body fix to v7.x by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5006\"\u003enodejs/undici#5006\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update broken links in file \u0026quot;Dispatcher.md\u0026quot; by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: remove unused parameter \u003ccode\u003eredirectionLimitReached\u003c/code\u003e by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4933\"\u003enodejs/undici#4933\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip flaky macOS Node 20 cookie fetch cases by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4932\"\u003enodejs/undici#4932\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): align Response with DOM fetch types by \u003ca href=\"https://github.com/theamodhshetty\"\u003e\u003ccode\u003e@​theamodhshetty\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4867\"\u003enodejs/undici#4867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): Fix clone method type declaration to be an instance method rather than instance property by \u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip IPv6 tests when IPv6 is not available by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4939\"\u003enodejs/undici#4939\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: correctly handle multi-value rawHeaders in fetch by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4938\"\u003enodejs/undici#4938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eignore AGENTS.md by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4942\"\u003enodejs/undici#4942\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(test): client wasm compatible with clang 22 by \u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mock): improve error message when intercepts are exhausted by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4912\"\u003enodejs/undici#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(websocket): support open diagnostics over h2 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4921\"\u003enodejs/undici#4921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: assume http/https scheme for scheme-less proxy env vars by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4914\"\u003enodejs/undici#4914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cache): check Authorization on request headers per RFC 9111 §3.5 by \u003ca href=\"https://github.com/metalix2\"\u003e\u003ccode\u003e@​metalix2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4911\"\u003enodejs/undici#4911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: wrap kConnector call in try/catch to prevent client hang by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify fetch and FormData pairing by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4922\"\u003enodejs/undici#4922\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: support Connection header with connection-specific header names per RFC 7230 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4775\"\u003enodejs/undici#4775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid prototype collisions in parseHeaders by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4923\"\u003enodejs/undici#4923\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump typescript from 5.9.3 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4926\"\u003enodejs/undici#4926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: auto-init WPT submodule by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4930\"\u003enodejs/undici#4930\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/12d9045923b7caebb1ae6975ef34c29dbcfd95d0\"\u003e\u003ccode\u003e12d9045\u003c/code\u003e\u003c/a\u003e Bumped v7.25.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7a6f7febb30a30748a04f38c21e3641c77d21b0e\"\u003e\u003ccode\u003e7a6f7fe\u003c/code\u003e\u003c/a\u003e Bumped v7.24.8 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5020\"\u003e#5020\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1f85ae4b27ed6401e7ccc35eb546ad2e5976121f\"\u003e\u003ccode\u003e1f85ae4\u003c/code\u003e\u003c/a\u003e fix: avoid 401 failures for stream-backed request bodies (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4941\"\u003e#4941\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5006\"\u003e#5006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c6610674dfad7c205ddf0f27831133973ad7894e\"\u003e\u003ccode\u003ec661067\u003c/code\u003e\u003c/a\u003e chore: update v7.x maintenance release flow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84f23e2a19cd0f585579c4257d801e4ec2d65dbd\"\u003e\u003ccode\u003e84f23e2\u003c/code\u003e\u003c/a\u003e Bumped v7.24.7 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4947\"\u003e#4947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a770b1033201984b9e8082a9bf955414bff5dc2e\"\u003e\u003ccode\u003ea770b10\u003c/code\u003e\u003c/a\u003e ignore AGENTS.md (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4942\"\u003e#4942\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/6acd19beaf67c1a2d07bcd38f40d0b751a81e7cc\"\u003e\u003ccode\u003e6acd19b\u003c/code\u003e\u003c/a\u003e fix: correctly handle multi-value rawHeaders in fetch (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4938\"\u003e#4938\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1da1c747c7d6e01b93ab295e0efb86623f3c8e06\"\u003e\u003ccode\u003e1da1c74\u003c/code\u003e\u003c/a\u003e test: skip IPv6 tests when IPv6 is not available (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4939\"\u003e#4939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/04cb77327f7ada95c2e5b67424cddcb22d7bf882\"\u003e\u003ccode\u003e04cb773\u003c/code\u003e\u003c/a\u003e fix(types): Fix clone method type declaration to be an instance method rather...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5145a7c47080d1715b2723591def3a75b0c3ba63\"\u003e\u003ccode\u003e5145a7c\u003c/code\u003e\u003c/a\u003e fix(types): align Response with DOM fetch types (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4867\"\u003e#4867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.10.0...v7.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 l...\n\n_Description has been truncated_","html_url":"https://github.com/ahump20/gemini-cli/pull/24","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahump20%2Fgemini-cli/issues/24","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/24/packages"}},{"old_version":"4.0.0","new_version":"4.0.1","update_type":"patch","path":null,"pr_created_at":"2026-05-13T04:43:07.000Z","version_change":"4.0.0 → 4.0.1","issue":{"uuid":"4434883572","node_id":"PR_kwDOPT2Fs87a9f30","number":33,"state":"open","title":"build(deps): bump the npm_and_yarn group across 3 directories with 17 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":6,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-13T04:43:07.000Z","updated_at":"2026-05-13T04:46:59.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"npm_and_yarn","update_count":17,"packages":[{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"diff","old_version":"7.0.0","new_version":"9.0.0","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"@modelcontextprotocol/sdk","old_version":"1.15.1","new_version":"1.29.0","repository_url":"https://github.com/modelcontextprotocol/typescript-sdk"},{"name":"@opentelemetry/sdk-node","old_version":"0.52.1","new_version":"0.217.0","repository_url":"https://github.com/open-telemetry/opentelemetry-js"},{"name":"ajv","old_version":"8.17.1","new_version":"8.18.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"simple-git","old_version":"3.28.0","new_version":"3.36.0","repository_url":"https://github.com/steveukx/git-js"},{"name":"undici","old_version":"7.10.0","new_version":"7.25.0","repository_url":"https://github.com/nodejs/undici"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"jws","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"path-to-regexp","old_version":"8.2.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"picomatch","old_version":"4.0.2","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"4.44.0","new_version":"4.60.3","repository_url":"https://github.com/rollup/rollup"},{"name":"vite","old_version":"7.0.0","new_version":"7.3.3","repository_url":"https://github.com/vitejs/vite"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 16 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [diff](https://github.com/kpdecker/jsdiff) | `7.0.0` | `9.0.0` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.15.1` | `1.29.0` |\n| [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js) | `0.52.1` | `0.217.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.18.0` |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.36.0` |\n| [undici](https://github.com/nodejs/undici) | `7.10.0` | `7.25.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.2.0` | `8.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.2` | `4.0.4` |\n| [rollup](https://github.com/rollup/rollup) | `4.44.0` | `4.60.3` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.0.0` | `7.3.3` |\n\nBumps the npm_and_yarn group with 10 updates in the /packages/core directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [diff](https://github.com/kpdecker/jsdiff) | `7.0.0` | `8.0.3` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.12.3` | `1.29.0` |\n| [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js) | `0.52.1` | `0.217.0` |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.36.0` |\n| [undici](https://github.com/nodejs/undici) | `7.10.0` | `7.24.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.2` | `2.1.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [rollup](https://github.com/rollup/rollup) | `4.43.0` | `4.60.3` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.3.5` | `7.3.3` |\n\nBumps the npm_and_yarn group with 7 updates in the /packages/vscode-ide-companion directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.15.1` | `1.26.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.2` | `2.1.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.2.0` | `8.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `diff` from 7.0.0 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.0\u003c/h2\u003e\n\u003cp\u003e(All changes part of PR \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/672\"\u003e#672\u003c/a\u003e.)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eES5 support is dropped\u003c/strong\u003e. \u003ccode\u003eparsePatch\u003c/code\u003e now uses \u003ccode\u003eTextDecoder\u003c/code\u003e and \u003ccode\u003eUint8Array\u003c/code\u003e, which are not available in ES5, and TypeScript is now compiled with the \u0026quot;es6\u0026quot; \u003ccode\u003etarget\u003c/code\u003e. From now on, I intend to freely use any features that are deemed \u0026quot;Widely available\u0026quot; by \u003ca href=\"https://web.dev/baseline\"\u003eBaseline\u003c/a\u003e. Users who need ES5 support should stick to version 8.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eC-style quoted strings in filename headers are now properly supported\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eWhen the name of either the old or new file in a patch contains \u0026quot;special characters\u0026quot;, both GNU \u003ccode\u003ediff\u003c/code\u003e and Git quote the filename in the patch's headers and escape special characters using the same escape sequences that are used in string literals in C, including octal escapes for all non-ASCII characters. Previously, jsdiff had very little support for this; \u003ccode\u003eparsePatch\u003c/code\u003e would remove the quotes, and unescape any escaped backslashes, but would not unescape other escape sequences. \u003ccode\u003eformatPatch\u003c/code\u003e, meanwhile, did not quote or escape special characters at all.\u003c/p\u003e\n\u003cp\u003eNow, \u003ccode\u003eparsePatch\u003c/code\u003e parses all the possible escape sequences that GNU diff (or Git) ever output, and \u003ccode\u003eformatPatch\u003c/code\u003e quotes and escapes filenames containing special characters in the same way GNU diff does.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now omits file headers when \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e in the provided patch object are \u003ccode\u003eundefined\u003c/code\u003e\u003c/strong\u003e, regardless of the \u003ccode\u003eheaderOptions\u003c/code\u003e parameter. (Previously, it would treat the absence of \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e as indicating the filename was the word \u0026quot;undefined\u0026quot; and emit headers \u003ccode\u003e--- undefined\u003c/code\u003e / \u003ccode\u003e+++ undefined\u003c/code\u003e.)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer outputs trailing tab characters at the end of \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e headers.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePreviously, if \u003ccode\u003eformatPatch\u003c/code\u003e was passed a patch object to serialize that had empty strings for the \u003ccode\u003eoldHeader\u003c/code\u003e or \u003ccode\u003enewHeader\u003c/code\u003e property, it would include a trailing tab character after the filename in the \u003ccode\u003e---\u003c/code\u003e and/or \u003ccode\u003e+++\u003c/code\u003e file header. Now, this scenario is treated the same as when \u003ccode\u003eoldHeader\u003c/code\u003e/\u003ccode\u003enewHeader\u003c/code\u003e is \u003ccode\u003eundefined\u003c/code\u003e - i.e. the trailing tab is omitted.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer mutates its input\u003c/strong\u003e when serializing a patch containing a hunk where either the old or new content contained zero lines. (Such a hunk occurs only when the hunk has no context lines and represents a pure insertion or pure deletion, which for instance will occur whenever one of the two files being diffed is completely empty.) Previously \u003ccode\u003eformatPatch\u003c/code\u003e would provide the correct output but also mutate the \u003ccode\u003eoldLines\u003c/code\u003e or \u003ccode\u003enewLines\u003c/code\u003e property on the hunk, changing the meaning of the underlying patch.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eGit-style patches are now supported by \u003ccode\u003eparsePatch\u003c/code\u003e, \u003ccode\u003eformatPatch\u003c/code\u003e, and \u003ccode\u003ereversePatch\u003c/code\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003ePatches output by \u003ccode\u003egit diff\u003c/code\u003e can include some features that are unlike those output by GNU \u003ccode\u003ediff\u003c/code\u003e, and therefore not handled by an ordinary unified diff format parser. An ordinary diff simply describes the differences between the \u003cem\u003econtent\u003c/em\u003e of two files, but Git diffs can also indicate, via \u0026quot;extended headers\u0026quot;, the creation or deletion of (potentially empty) files, indicate that a file was renamed, and contain information about file mode changes. Furthermore, when these changes appear in a diff in the absence of a content change (e.g. when an empty file is created, or a file is renamed without content changes), the patch will contain no associated \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e file headers nor any hunks.\u003c/p\u003e\n\u003cp\u003ejsdiff previously did not support parsing Git's extended headers, nor hunkless patches. Now \u003ccode\u003eparsePatch\u003c/code\u003e parses some of the extended headers, parses hunkless Git patches, and can determine filenames (e.g. from the extended headers) when parsing a patch that includes no \u003ccode\u003e---\u003c/code\u003e or \u003ccode\u003e+++\u003c/code\u003e file headers. The additional information conveyed by the extended headers we support is recorded on new fields on the result object returned by \u003ccode\u003eparsePatch\u003c/code\u003e. See \u003ccode\u003eisGit\u003c/code\u003e and subsequent properties in the docs in the README.md file.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now outputs extended headers based on these new Git-specific properties, and \u003ccode\u003ereversePatch\u003c/code\u003e respects them as far as possible (with one unavoidable caveat noted in the README.md file).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eUnpaired file headers now cause \u003ccode\u003eparsePatch\u003c/code\u003e to throw\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eIt remains acceptable to have a patch with no file headers whatsoever (e.g. one that begins with a \u003ccode\u003e@@\u003c/code\u003e hunk header on the very first line), but a patch with \u003cem\u003eonly\u003c/em\u003e a \u003ccode\u003e---\u003c/code\u003e header or only a \u003ccode\u003e+++\u003c/code\u003e header is now considered an error.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eparsePatch\u003c/code\u003e is now more tolerant of \u0026quot;trailing garbage\u0026quot;\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThat is: after a patch, or between files/indexes in a patch, it is now acceptable to have arbitrary lines of \u0026quot;garbage\u0026quot; (so long as they unambiguously have no syntactic meaning - e.g. trailing garbage that leads with a \u003ccode\u003e+\u003c/code\u003e, \u003ccode\u003e-\u003c/code\u003e, or \u003ccode\u003e \u003c/code\u003e and thus is interpretable as part of a hunk still triggers a throw).\u003c/p\u003e\n\u003cp\u003eThis means we no longer reject patches output by tools that include extra data in \u0026quot;garbage\u0026quot; lines not understood by generic unified diff parsers. (For example, SVN patches can include \u0026quot;Property changes on:\u0026quot; lines that generic unified diff parsers should discard as garbage; jsdiff previously threw errors when encountering them.)\u003c/p\u003e\n\u003cp\u003eThis change brings jsdiff's behaviour more in line with GNU \u003ccode\u003epatch\u003c/code\u003e, which is highly permissive of \u0026quot;garbage\u0026quot;.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThe \u003ccode\u003eoldFileName\u003c/code\u003e and \u003ccode\u003enewFileName\u003c/code\u003e fields of \u003ccode\u003eStructuredPatch\u003c/code\u003e are now typed as \u003ccode\u003estring | undefined\u003c/code\u003e instead of \u003ccode\u003estring\u003c/code\u003e\u003c/strong\u003e. This type change reflects the (pre-existing) reality that \u003ccode\u003eparsePatch\u003c/code\u003e can produce patches without filenames (e.g. when parsing a patch that simply contains hunks with no file headers).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/667\"\u003e#667\u003c/a\u003e - \u003cstrong\u003efix another bug in \u003ccode\u003ediffWords\u003c/code\u003e when used with an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e\u003c/strong\u003e. If the text to be diffed included a combining mark after a whitespace character (i.e. roughly speaking, an accented space), \u003ccode\u003ediffWords\u003c/code\u003e would previously crash. Now this case is handled correctly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/631\"\u003e#631\u003c/a\u003e - \u003cstrong\u003efix support for using an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e with \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e. This has been almost completely broken since the feature was added in v6.0.0, since it would outright crash on any text that featured two consecutive newlines between a pair of words (a very common case).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/635\"\u003e#635\u003c/a\u003e - \u003cstrong\u003esmall tweaks to tokenization behaviour of \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e when used \u003cem\u003ewithout\u003c/em\u003e an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e. Specifically, the soft hyphen (U+00AD) is no longer considered to be a word break, and the multiplication and division signs (\u003ccode\u003e×\u003c/code\u003e and \u003ccode\u003e÷\u003c/code\u003e) are now treated as punctuation instead of as letters / word characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/ed13aca03aa25735fafc0645d1185e7a1c68fd8c\"\u003e\u003ccode\u003eed13aca\u003c/code\u003e\u003c/a\u003e Update version in package.json and in release notes (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/683\"\u003e#683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/7a49317b503a932b88fc72ad9c57a481df038e24\"\u003e\u003ccode\u003e7a49317\u003c/code\u003e\u003c/a\u003e Bump dependencies again (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/682\"\u003e#682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/afe5aecad189c9f5941ad3feb3c94c46b32ecb0a\"\u003e\u003ccode\u003eafe5aec\u003c/code\u003e\u003c/a\u003e Add Git support, and otherwise variously improve \u0026amp; fix parsePatch (and other ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/2e46779d8866ce7da1303a03db33ed038590c6f6\"\u003e\u003ccode\u003e2e46779\u003c/code\u003e\u003c/a\u003e Fix a typo (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/679\"\u003e#679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/dd2f99497703a1540b2ae406b51c49b74b5fc1a1\"\u003e\u003ccode\u003edd2f994\u003c/code\u003e\u003c/a\u003e 8.0.4 release (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/678\"\u003e#678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/3cc438434db53c5d1c40412b727ea7650f6f145a\"\u003e\u003ccode\u003e3cc4384\u003c/code\u003e\u003c/a\u003e Update docs on releasing to reflect migration to yarn berry (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/6fc2aa6b7672af08774b50aae00d97b99c5b5715\"\u003e\u003ccode\u003e6fc2aa6\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/af7393ac3404565dc8da655c2e7aeeed28c01ff7\"\u003e\u003ccode\u003eaf7393a\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4b5d1800370bf29b61a3378fb8086aeb231d3ef7\"\u003e\u003ccode\u003e4b5d180\u003c/code\u003e\u003c/a\u003e Fix another bug in diffWords's \u0026quot;intlSegmenter\u0026quot; mode (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/10da50c466709e7bd4b192dac96af0af46f8b7bd\"\u003e\u003ccode\u003e10da50c\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/666\"\u003e#666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/7.0.0...v9.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@modelcontextprotocol/sdk` from 1.15.1 to 1.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"\u003e@​modelcontextprotocol/sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.29.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1749\"\u003emodelcontextprotocol/typescript-sdk#1749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: disallow null (infinite) requested TTL by \u003ca href=\"https://github.com/LucaButBoring\"\u003e\u003ccode\u003e@​LucaButBoring\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1339\"\u003emodelcontextprotocol/typescript-sdk#1339\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: add missing size field to ResourceSchema by \u003ca href=\"https://github.com/olaservo\"\u003e\u003ccode\u003e@​olaservo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1575\"\u003emodelcontextprotocol/typescript-sdk#1575\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd typings exports by \u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x npm audit fix by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1780\"\u003emodelcontextprotocol/typescript-sdk#1780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1773\"\u003emodelcontextprotocol/typescript-sdk#1773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Allow servers / clients to advertise extensions in the capability object by \u003ca href=\"https://github.com/localden\"\u003e\u003ccode\u003e@​localden\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1811\"\u003emodelcontextprotocol/typescript-sdk#1811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(stdio): always set windowsHide on Windows, not just in Electron by \u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.29.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1820\"\u003emodelcontextprotocol/typescript-sdk#1820\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.28.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: use scopes_supported from resource metadata by default (fixes \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/580\"\u003e#580\u003c/a\u003e) by \u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1611\"\u003emodelcontextprotocol/typescript-sdk#1611\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: reject plain JSON Schema objects passed as inputSchema by \u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: clear _timeoutInfo in _onclose() and scope .finally() abort controller cleanup by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1462\"\u003emodelcontextprotocol/typescript-sdk#1462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(server/auth): RFC 8252 loopback port relaxation by \u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.28.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1746\"\u003emodelcontextprotocol/typescript-sdk#1746\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: implement auth/pre-registration conformance scenario by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1545\"\u003emodelcontextprotocol/typescript-sdk#1545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add governance documentation for SEP-1730 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1547\"\u003emodelcontextprotocol/typescript-sdk#1547\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: comprehensive feature documentation for SEP-1730 Tier 1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1548\"\u003emodelcontextprotocol/typescript-sdk#1548\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent command injection in example URL opening (v1.x backport) by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1579\"\u003emodelcontextprotocol/typescript-sdk#1579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: call onerror for silently swallowed transport errors by \u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.27.1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1581\"\u003emodelcontextprotocol/typescript-sdk#1581\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/e12cbd7078db388152f6e839abdbe09ba01f3f32\"\u003e\u003ccode\u003ee12cbd7\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.29.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/3913fd4443a86536155e3ebef9edd2045c372c1e\"\u003e\u003ccode\u003e3913fd4\u003c/code\u003e\u003c/a\u003e fix(stdio): always set windowsHide on Windows, not just in Electron (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1640\"\u003e#1640\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/5608e78dd0d4ca6cd7dd03278419578f1780365a\"\u003e\u003ccode\u003e5608e78\u003c/code\u003e\u003c/a\u003e [v1.x backport] Allow servers / clients to advertise extensions in the capabi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/7213816788e634ffb9d09affe50f0295093bfb73\"\u003e\u003ccode\u003e7213816\u003c/code\u003e\u003c/a\u003e v1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1773\"\u003e#1773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/364f38ca2d8895aed7c37b7a0a1031bb7ae4841c\"\u003e\u003ccode\u003e364f38c\u003c/code\u003e\u003c/a\u003e v1.x npm audit fix (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/c95cc0943b045517e4cc414baf1f168b216c3142\"\u003e\u003ccode\u003ec95cc09\u003c/code\u003e\u003c/a\u003e Add typings exports (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/ddadaa6cc633fb5db0c094bf031b15b68a357820\"\u003e\u003ccode\u003eddadaa6\u003c/code\u003e\u003c/a\u003e [v1.x] fix: add missing size field to ResourceSchema (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/2a158513028d9f862c4188b6957e78cd5663f26b\"\u003e\u003ccode\u003e2a15851\u003c/code\u003e\u003c/a\u003e [v1.x] fix: disallow null (infinite) requested TTL (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1339\"\u003e#1339\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/13e30f1d36de8442417fec695983bdb155c00768\"\u003e\u003ccode\u003e13e30f1\u003c/code\u003e\u003c/a\u003e fix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1749\"\u003e#1749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0565695218544fc53e99bf5b544a887d373cefa\"\u003e\u003ccode\u003ea056569\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.28.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1746\"\u003e#1746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.15.1...v1.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~pcarleton\"\u003epcarleton\u003c/a\u003e, a new releaser for \u003ccode\u003e@​modelcontextprotocol/sdk\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@opentelemetry/sdk-node` from 0.52.1 to 0.217.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/releases\"\u003e@​opentelemetry/sdk-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eexperimental/v0.217.0\u003c/h2\u003e\n\u003ch2\u003e0.217.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(otlp-transformer): replace protobufjs trace serialization with custom implementation \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6625\"\u003e#6625\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using \u003ccode\u003ejson-schema-to-typescript\u003c/code\u003e and \u003ccode\u003eajv\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6533\"\u003e#6533\u003c/a\u003e \u003ca href=\"https://github.com/MikeGoldsmith\"\u003e\u003ccode\u003e@​MikeGoldsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(configuration, sdk-node): \u003ccode\u003estartNodeSDK()\u003c/code\u003e code path now uses \u003ccode\u003elog_level\u003c/code\u003e configuration to setup a DiagConsoleLogger \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6668\"\u003e#6668\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eNote that allowed values for \u003ccode\u003elog_level\u003c/code\u003e in a configuration YAML file are \u003cem\u003enot\u003c/em\u003e the same set as for \u003ccode\u003eOTEL_LOG_LEVEL\u003c/code\u003e. Use \u003ccode\u003elog_level: trace\u003c/code\u003e to see \u003cem\u003eall\u003c/em\u003e logs (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=ALL\u003c/code\u003e). Use \u003ccode\u003elog_level: fatal\u003c/code\u003e to effectively disable the SDK's internal diagnostic logger (equivalent of \u003ccode\u003eOTEL_LOG_LEVEL=NONE\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eIf \u003ccode\u003elog_level\u003c/code\u003e is not specified, a diagnostic console logger at \u0026quot;info\u0026quot; level will be setup.\u003c/li\u003e\n\u003cli\u003eAn invalid YAML config file will now result in a noop OTel SDK.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(configuration): do not validate \u003ccode\u003eOTEL_CONFIG_FILE\u003c/code\u003e value before using it for file config \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6643\"\u003e#6643\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6650\"\u003e#6650\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6657\"\u003e#6657\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve handling of enums in generated types \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6659\"\u003e#6659\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(configuration): improve the technique for removing '| null' on types the JSON Schema \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6662\"\u003e#6662\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sampler-jaeger-remote): add missing axios dep \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6656\"\u003e#6656\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6674\"\u003e#6674\u003c/a\u003e \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.216.0\u003c/h2\u003e\n\u003ch2\u003e0.216.0\u003c/h2\u003e\n\u003ch3\u003e:rocket: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sdk-node): wire attribute_keys from declarative configuration to ViewOptions.attributesProcessors \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6427\"\u003e#6427\u003c/a\u003e \u003ca href=\"https://github.com/ravitheja4531-cell\"\u003e\u003ccode\u003e@​ravitheja4531-cell\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(sdk-node): set TracerProvider in startNodeSDK() \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6607\"\u003e#6607\u003c/a\u003e \u003ca href=\"https://github.com/maryliag\"\u003e\u003ccode\u003e@​maryliag\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(instrumentation-xml-http-request): avoid unwrapping \u003ccode\u003eXMLHttpRequest\u003c/code\u003e API when disabling \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6611\"\u003e#6611\u003c/a\u003e \u003ca href=\"https://github.com/david-luna\"\u003e\u003ccode\u003e@​david-luna\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(instrumentation-fetch): tolerate non-writable \u003ccode\u003eglobalThis.fetch\u003c/code\u003e and fix premature \u003ccode\u003e_isEnabled\u003c/code\u003e / \u003ccode\u003e_isFetchPatched\u003c/code\u003e flips in \u003ccode\u003eenable()\u003c/code\u003e \u003ca href=\"https://github.com/brunorodmoreira\"\u003e\u003ccode\u003e@​brunorodmoreira\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(instrumentation-xhr): resolve relative URLs before matching \u003ccode\u003eignoreUrls\u003c/code\u003e \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6551\"\u003e#6551\u003c/a\u003e \u003ca href=\"https://github.com/Maximiliano-Zeballos\"\u003e\u003ccode\u003e@​Maximiliano-Zeballos\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(sdk-node): fix setting of ViewOption#name from ConfigurationModel \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6620\"\u003e#6620\u003c/a\u003e \u003ca href=\"https://github.com/trentm\"\u003e\u003ccode\u003e@​trentm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(web-common): add limit for timeout \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6601\"\u003e#6601\u003c/a\u003e \u003ca href=\"https://github.com/maryliag\"\u003e\u003ccode\u003e@​maryliag\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(otlp-transformer): pin protobufjs@8.0.1 as protobufjs@8.0.3 is broken for browser use \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6646\"\u003e#6646\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e:house: Internal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003etest(otlp-transformer): add metrics transform benchmark \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6628\"\u003e#6628\u003c/a\u003e \u003ca href=\"https://github.com/pichlermarc\"\u003e\u003ccode\u003e@​pichlermarc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(opentelemetry-exporter-prometheus): do not call enforcePrometheusNamingConvention() multiple times per metric \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/pull/6636\"\u003e#6636\u003c/a\u003e \u003ca href=\"https://github.com/cjihrig\"\u003e\u003ccode\u003e@​cjihrig\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eexperimental/v0.215.0\u003c/h2\u003e\n\u003ch2\u003e0.215.0\u003c/h2\u003e\n\u003ch3\u003e:boom: Breaking Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/74cde1b674508ccc0ed2601ac43a80ff2d35114c\"\u003e\u003ccode\u003e74cde1b\u003c/code\u003e\u003c/a\u003e chore: prepare next release (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6675\"\u003e#6675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/e8f439adcbec23261d26fcc205f4d2a6d74f16c7\"\u003e\u003ccode\u003ee8f439a\u003c/code\u003e\u003c/a\u003e fix: handle malformed URLs in Prometheus exporter request handler (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6674\"\u003e#6674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/ab3a2e280e589a43d705278be5e8c8308b1b4081\"\u003e\u003ccode\u003eab3a2e2\u003c/code\u003e\u003c/a\u003e feat(sdk-node, configuration): diag log handling updates for startNodeSDK(), ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/d5b7d1e5c6cd3c9547137d0cc6a5185b7b5a8155\"\u003e\u003ccode\u003ed5b7d1e\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency axios to v1.15.2 [security] (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6670\"\u003e#6670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/c16361877b77828d324733a4c8bed6d2ed10c884\"\u003e\u003ccode\u003ec163618\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action digest to e46ed2c (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6661\"\u003e#6661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/ec2bfbe0b2afb9d29725140b2d0350e47e23250d\"\u003e\u003ccode\u003eec2bfbe\u003c/code\u003e\u003c/a\u003e chore(configuration): move config generation scripts into the configuration p...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/acc9ecd99591c054e9f3b9d9e36cbd4333bb1411\"\u003e\u003ccode\u003eacc9ecd\u003c/code\u003e\u003c/a\u003e chore(configuration): cosmetic changes to generated types.ts (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6663\"\u003e#6663\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/8f008ece4ee20ad7ef55f673c208010ddb59f751\"\u003e\u003ccode\u003e8f008ec\u003c/code\u003e\u003c/a\u003e chore: Move inactive members to emeritus (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6649\"\u003e#6649\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/435431e4705fd1fb45eec009a3f831b91e6673cd\"\u003e\u003ccode\u003e435431e\u003c/code\u003e\u003c/a\u003e fix(configuration): improve the technique for removing '| null' on types due ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/commit/42220244e99c5ace5c2ac7365d232d3b9d1038b2\"\u003e\u003ccode\u003e4222024\u003c/code\u003e\u003c/a\u003e fix(configuration): improve handling of enums in generated types (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-js/issues/6659\"\u003e#6659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-js/compare/experimental/v0.52.1...experimental/v0.217.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​opentelemetry/sdk-node\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.17.1 to 8.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/f06766f33ed7291f84c19f22a1286a34475fbdaf\"\u003e\u003ccode\u003ef06766f\u003c/code\u003e\u003c/a\u003e feat: allow tree-shaking by adding ``\u0026quot;sideEffects\u0026quot;: false\u003ccode\u003eto\u003c/code\u003epackage.json` ...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `simple-git` from 3.28.0 to 3.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/releases\"\u003esimple-git's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esimple-git@3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.33.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea263635: Use \u003ccode\u003epathspec\u003c/code\u003e wrappers for remote and local paths when running either \u003ccode\u003egit.clone\u003c/code\u003e or \u003ccode\u003egit.mirror\u003c/code\u003e to\navoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ee253a0d: Enhanced \u003ccode\u003egit -c\u003c/code\u003e checks in \u003ccode\u003eunsafe\u003c/code\u003e plugin.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/JohannesLks\"\u003e\u003ccode\u003e@​JohannesLks\u003c/code\u003e\u003c/a\u003e for identifying the issue\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.32.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ef704208: Enhanced \u003ccode\u003eprotocol.allow\u003c/code\u003e checks in \u003ccode\u003eallowUnsafeExtProtocol\u003c/code\u003e handling.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md\"\u003esimple-git's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e3d8708b: Updating publish config\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [3d8708b]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.34.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/7dc1a532a9ec92fb08c93202954be73175b07d83\"\u003e\u003ccode\u003e7dc1a53\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/76f5376bd418cb8baf5ec32757af442d47128e22\"\u003e\u003ccode\u003e76f5376\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1061\"\u003e#1061\u003c/a\u003e from Vinzent03/fix/buffer-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/89a2294febed5dfe737c4c735d936bb6018746a8\"\u003e\u003ccode\u003e89a2294\u003c/code\u003e\u003c/a\u003e Environment Parsing (\u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1156\"\u003e#1156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/1b91b762f047777ca6686f34ac3f7b8a543a4780\"\u003e\u003ccode\u003e1b91b76\u003c/code\u003e\u003c/a\u003e fix: remove explicit node:buffer import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/e390685960a3461875dce89d87ab80e3143d79fe\"\u003e\u003ccode\u003ee390685\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/3c9e4b8309667d0cb4102cda770f92075fc781dd\"\u003e\u003ccode\u003e3c9e4b8\u003c/code\u003e\u003c/a\u003e Pin version of \u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/94ee21fd5a2a6182fbf0f218a5efca2057b567cd\"\u003e\u003ccode\u003e94ee21f\u003c/code\u003e\u003c/a\u003e Export \u003ccode\u003epathspec\u003c/code\u003e types through \u003ccode\u003esimple-git\u003c/code\u003e for backward compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/6d7cb5174273aa33d131172d3770cb386e795171\"\u003e\u003ccode\u003e6d7cb51\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/0de400e7b014a48113acf673b3409a95b9c87a15\"\u003e\u003ccode\u003e0de400e\u003c/code\u003e\u003c/a\u003e Switch to semver from workspace revisions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/2264722abcb637042dd4cc50d903d69e4ee14b38\"\u003e\u003ccode\u003e2264722\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/steveukx/git-js/commits/simple-git@3.36.0/simple-git\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for simple-git since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.10.0 to 7.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport 401 stream-backed body fix to v7.x by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5006\"\u003enodejs/undici#5006\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update broken links in file \u0026quot;Dispatcher.md\u0026quot; by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: remove unused parameter \u003ccode\u003eredirectionLimitReached\u003c/code\u003e by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4933\"\u003enodejs/undici#4933\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip flaky macOS Node 20 cookie fetch cases by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4932\"\u003enodejs/undici#4932\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): align Response with DOM fetch types by \u003ca href=\"https://github.com/theamodhshetty\"\u003e\u003ccode\u003e@​theamodhshetty\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4867\"\u003enodejs/undici#4867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): Fix clone method type declaration to be an instance method rather than instance property by \u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip IPv6 tests when IPv6 is not available by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4939\"\u003enodejs/undici#4939\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: correctly handle multi-value rawHeaders in fetch by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4938\"\u003enodejs/undici#4938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eignore AGENTS.md by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4942\"\u003enodejs/undici#4942\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(test): client wasm compatible with clang 22 by \u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mock): improve error message when intercepts are exhausted by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4912\"\u003enodejs/undici#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(websocket): support open diagnostics over h2 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4921\"\u003enodejs/undici#4921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: assume http/https scheme for scheme-less proxy env vars by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4914\"\u003enodejs/undici#4914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cache): check Authorization on request headers per RFC 9111 §3.5 by \u003ca href=\"https://github.com/metalix2\"\u003e\u003ccode\u003e@​metalix2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4911\"\u003enodejs/undici#4911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: wrap kConnector call in try/catch to prevent client hang by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify fetch and FormData pairing by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4922\"\u003enodejs/undici#4922\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: support Connection header with connection-specific header names per RFC 7230 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4775\"\u003enodejs/undici#4775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid prototype collisions in parseHeaders by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4923\"\u003enodejs/undici#4923\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump typescript from 5.9.3 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4926\"\u003enodejs/undici#4926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: auto-init WPT submodule by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4930\"\u003enodejs/undici#4930\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/12d9045923b7caebb1ae6975ef34c29dbcfd95d0\"\u003e\u003ccode\u003e12d9045\u003c/code\u003e\u003c/a\u003e Bumped v7.25.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7a6f7febb30a30748a04f38c21e3641c77d21b0e\"\u003e\u003ccode\u003e7a6f7fe\u003c/code\u003e\u003c/a\u003e Bumped v7.24.8 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5020\"\u003e#5020\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1f85ae4b27ed6401e7ccc35eb546ad2e5976121f\"\u003e\u003ccode\u003e1f85ae4\u003c/code\u003e\u003c/a\u003e fix: avoid 401 failures for stream-backed request bodies (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4941\"\u003e#4941\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5006\"\u003e#5006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c6610674dfad7c205ddf0f27831133973ad7894e\"\u003e\u003ccode\u003ec661067\u003c/code\u003e\u003c/a\u003e chore: update v7.x maintenance release flow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84f23e2a19cd0f585579c4257d801e4ec2d65dbd\"\u003e\u003ccode\u003e84f23e2\u003c/code\u003e\u003c/a\u003e Bumped v7.24.7 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4947\"\u003e#4947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a770b1033201984b9e8082a9bf955414bff5dc2e\"\u003e\u003ccode\u003ea770b10\u003c/code\u003e\u003c/a\u003e ignore AGENTS.md (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4942\"\u003e#4942\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/6acd19beaf67c1a2d07bcd38f40d0b751a81e7cc\"\u003e\u003ccode\u003e6acd19b\u003c/code\u003e\u003c/a\u003e fix: correctly handle multi-value rawHeaders in fetch (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4938\"\u003e#4938\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1da1c747c7d6e01b93ab295e0efb86623f3c8e06\"\u003e\u003ccode\u003e1da1c74\u003c/code\u003e\u003c/a\u003e test: skip IPv6 tests when IPv6 is not available (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4939\"\u003e#4939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/04cb77327f7ada95c2e5b67424cddcb22d7bf882\"\u003e\u003ccode\u003e04cb773\u003c/code\u003e\u003c/a\u003e fix(types): Fix clone method type declaration to be an instance method rather...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5145a7c47080d1715b2723591def3a75b0c3ba63\"\u003e\u003ccode\u003e5145a7c\u003c/code\u003e\u003c/a\u003e fix(types): align Response with DOM fetch types (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4867\"\u003e#4867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.10.0...v7.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commi...\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpgrade dependency group across root, core, and VS Code companion to pick up security fixes and keep tooling current. Notable bumps include `lodash` 4.18.1, `diff` 9.x/8.x, `@opentelemetry/sdk-node` 0.217.0, and `@modelcontextprotocol/sdk` 1.29.0 (root/core) and 1.26.0 (VS Code).\n\n- **Dependencies**\n  - `lodash` → 4.18.1 (security fixes for prototype pollution and template injection).\n  - `diff` → 9.0.0 in `packages/cli`, 8.0.3 in `packages/core` (ES5 dropped; better Git patch support; stricter header handling).\n  - `@opentelemetry/sdk-node` → 0.217.0 (updated declarative config, diag logging behavior).\n  - `@modelcontextprotocol/sdk` → 1.29.0 (root/core), `1.26.0` (`packages/vscode-ide-companion`).\n  - Tooling and libs: `simple-git` 3.36.0, `undici` 7.25.0, `rollup` 4.60.3, `vite` 7.3.3, plus minor `minimatch`/`brace-expansion`/`ajv` updates.\n\n- **Migration**\n  - If you use `diff.parsePatch/formatPatch`, review Git-style headers and filename quoting; unpaired headers now throw and filename fields can be `undefined`.\n  - Verify OpenTelemetry config: check `log_level` values and YAML validity (invalid config now yields a noop SDK); confirm tracing/metrics still export.\n  - Reinstall deps and rebuild the workspace to update lockfiles across all packages.\n\n\u003csup\u003eWritten for commit 480058b30dcde60a7280fee00e253c7dc559ce92. Summary will update on new commits.\u003c/sup\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump npm dependencies including `@opentelemetry/sdk-node`, `@modelcontextprotocol/sdk`, `lodash`, and `diff`\n\u003e - Updates `lodash` from `^4.17.21` to `^4.18.1` in the root package\n\u003e - Updates `diff` from `^7.0.0` to `^9.0.0` in `packages/cli` and to `^8.0.3` in `packages/core`\n\u003e - Updates `@opentelemetry/sdk-node` from `^0.52.0` to `^0.217.0` in `packages/core`\n\u003e - Updates `@modelcontextprotocol/sdk` from `^1.15.1` to `^1.26.0` in `packages/vscode-ide-companion`\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized 480058b.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/RemyLoveLogicAI/gemini-cli/pull/33","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/RemyLoveLogicAI%2Fgemini-cli/issues/33","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/33/packages"}},{"old_version":"4.0.0","new_version":"4.0.1","update_type":"patch","path":null,"pr_created_at":"2026-05-13T00:16:16.000Z","version_change":"4.0.0 → 4.0.1","issue":{"uuid":"4433525844","node_id":"PR_kwDOPk9Rs87a5QmI","number":26,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 2 directories with 20 updates","user":"dependabot[bot]","labels":["dependencies","javascript","size/S"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-13T00:16:16.000Z","updated_at":"2026-05-13T00:16:21.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":20,"packages":[{"name":"simple-git","old_version":"3.28.0","new_version":"3.36.0","repository_url":"https://github.com/steveukx/git-js"},{"name":"glob","old_version":"10.4.5","new_version":"10.5.0","repository_url":"https://github.com/isaacs/node-glob"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"tar","old_version":"7.4.3","new_version":"7.5.11","repository_url":"https://github.com/isaacs/node-tar"},{"name":"@modelcontextprotocol/sdk","old_version":"1.15.1","new_version":"1.29.0","repository_url":"https://github.com/modelcontextprotocol/typescript-sdk"},{"name":"diff","old_version":"7.0.0","new_version":"9.0.0","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"undici","old_version":"7.10.0","new_version":"7.25.0","repository_url":"https://github.com/nodejs/undici"},{"name":"ajv","old_version":"8.17.1","new_version":"8.18.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"picomatch","old_version":"4.0.3","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"fast-xml-parser","old_version":"4.5.3","new_version":"5.8.0","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"js-yaml","old_version":"4.1.0","new_version":"4.1.1","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jws","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"path-to-regexp","old_version":"8.2.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"rollup","old_version":"4.44.0","new_version":"4.60.3","repository_url":"https://github.com/rollup/rollup"},{"name":"vite","old_version":"7.1.5","new_version":"7.3.3","repository_url":"https://github.com/vitejs/vite"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 19 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.36.0` |\n| [glob](https://github.com/isaacs/node-glob) | `10.4.5` | `10.5.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [tar](https://github.com/isaacs/node-tar) | `7.4.3` | `7.5.11` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.15.1` | `1.29.0` |\n| [diff](https://github.com/kpdecker/jsdiff) | `7.0.0` | `9.0.0` |\n| [undici](https://github.com/nodejs/undici) | `7.10.0` | `7.25.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.18.0` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.5.3` | `5.8.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [jws](https://github.com/brianloveswords/node-jws) | `4.0.0` | `4.0.1` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.2.0` | `8.4.2` |\n| [rollup](https://github.com/rollup/rollup) | `4.44.0` | `4.60.3` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.1.5` | `7.3.3` |\n\nBumps the npm_and_yarn group with 1 update in the /packages/core directory: [diff](https://github.com/kpdecker/jsdiff).\n\nUpdates `simple-git` from 3.28.0 to 3.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/releases\"\u003esimple-git's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esimple-git@3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.33.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea263635: Use \u003ccode\u003epathspec\u003c/code\u003e wrappers for remote and local paths when running either \u003ccode\u003egit.clone\u003c/code\u003e or \u003ccode\u003egit.mirror\u003c/code\u003e to\navoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ee253a0d: Enhanced \u003ccode\u003egit -c\u003c/code\u003e checks in \u003ccode\u003eunsafe\u003c/code\u003e plugin.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/JohannesLks\"\u003e\u003ccode\u003e@​JohannesLks\u003c/code\u003e\u003c/a\u003e for identifying the issue\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.32.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ef704208: Enhanced \u003ccode\u003eprotocol.allow\u003c/code\u003e checks in \u003ccode\u003eallowUnsafeExtProtocol\u003c/code\u003e handling.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md\"\u003esimple-git's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.36.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e89a2294: Extend known exploitable configuration keys and per-task environment variables.\u003c/p\u003e\n\u003cp\u003eNote - \u003ccode\u003eParsedVulnerabilities\u003c/code\u003e from \u003ccode\u003eargv-parser\u003c/code\u003e is removed in favour of a readonly array of \u003ccode\u003eVulnerability\u003c/code\u003e to match usage in \u003ccode\u003esimple-git\u003c/code\u003e, rolled into the new \u003ccode\u003evulnerabilityCheck\u003c/code\u003e for simpler access to the identified issues.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/zebbern\"\u003e\u003ccode\u003e@​zebbern\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003ecore.fsmonitor\u003c/code\u003e.\nThanks to \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e for identifying the need to block \u003ccode\u003eGIT_CONFIG_COUNT\u003c/code\u003e environment variables and \u003ccode\u003e--template\u003c/code\u003e / \u003ccode\u003emerge\u003c/code\u003e related config.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1ad57e8: Remove conflicting node:buffer import\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [89a2294]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [675570a]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0cf9d8c: Improvements for mono-repo publishing pipeline\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0cf9d8c]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e0de400e: Update monorepo version handling during publish\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [0de400e]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.35.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e3d8708b: Updating publish config\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [3d8708b]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​simple-git/argv-parser\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.34.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/7dc1a532a9ec92fb08c93202954be73175b07d83\"\u003e\u003ccode\u003e7dc1a53\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/76f5376bd418cb8baf5ec32757af442d47128e22\"\u003e\u003ccode\u003e76f5376\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1061\"\u003e#1061\u003c/a\u003e from Vinzent03/fix/buffer-import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/89a2294febed5dfe737c4c735d936bb6018746a8\"\u003e\u003ccode\u003e89a2294\u003c/code\u003e\u003c/a\u003e Environment Parsing (\u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1156\"\u003e#1156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/1b91b762f047777ca6686f34ac3f7b8a543a4780\"\u003e\u003ccode\u003e1b91b76\u003c/code\u003e\u003c/a\u003e fix: remove explicit node:buffer import\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/e390685960a3461875dce89d87ab80e3143d79fe\"\u003e\u003ccode\u003ee390685\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/3c9e4b8309667d0cb4102cda770f92075fc781dd\"\u003e\u003ccode\u003e3c9e4b8\u003c/code\u003e\u003c/a\u003e Pin version of \u003ccode\u003e@​simple-git/args-pathspec\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/94ee21fd5a2a6182fbf0f218a5efca2057b567cd\"\u003e\u003ccode\u003e94ee21f\u003c/code\u003e\u003c/a\u003e Export \u003ccode\u003epathspec\u003c/code\u003e types through \u003ccode\u003esimple-git\u003c/code\u003e for backward compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/6d7cb5174273aa33d131172d3770cb386e795171\"\u003e\u003ccode\u003e6d7cb51\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/0de400e7b014a48113acf673b3409a95b9c87a15\"\u003e\u003ccode\u003e0de400e\u003c/code\u003e\u003c/a\u003e Switch to semver from workspace revisions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/2264722abcb637042dd4cc50d903d69e4ee14b38\"\u003e\u003ccode\u003e2264722\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/steveukx/git-js/commits/simple-git@3.36.0/simple-git\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for simple-git since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `glob` from 10.4.5 to 10.5.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-glob/commit/56774ef73b495eb0b17cdd0f42921f5ef62297c1\"\u003e\u003ccode\u003e56774ef\u003c/code\u003e\u003c/a\u003e 10.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f\"\u003e\u003ccode\u003e1e4e297\u003c/code\u003e\u003c/a\u003e bin: Do not expose filenames to shell expansion\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/isaacs/node-glob/compare/v10.4.5...v10.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tar` from 7.4.3 to 7.5.11\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md\"\u003etar's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e7.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003ezstd\u003c/code\u003e compression support.\u003c/li\u003e\n\u003cli\u003eConsistent TOCTOU behavior in sync t.list\u003c/li\u003e\n\u003cli\u003eOnly read from ustar block if not specified in Pax\u003c/li\u003e\n\u003cli\u003eFix sync tar.list when file size reduces while reading\u003c/li\u003e\n\u003cli\u003eSanitize absolute linkpaths properly\u003c/li\u003e\n\u003cli\u003ePrevent writing hardlink entries to the archive ahead of their\nfile target\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eonentry\u003c/code\u003e in favor of \u003ccode\u003eonReadEntry\u003c/code\u003e for clarity.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eonWriteEntry\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDRY the command definitions into a single \u003ccode\u003emakeCommand\u003c/code\u003e method,\nand update the type signatures to more appropriately infer the\nreturn type from the options and arguments provided.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate minipass to v7.1.0\u003c/li\u003e\n\u003cli\u003eUpdate the type definitions of \u003ccode\u003ewrite()\u003c/code\u003e and \u003ccode\u003eend()\u003c/code\u003e methods on\n\u003ccode\u003eUnpack\u003c/code\u003e and \u003ccode\u003eParser\u003c/code\u003e classes to be compatible with the\nNodeJS.WritableStream type in the latest versions of\n\u003ccode\u003e@types/node\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for node \u0026lt;18\u003c/li\u003e\n\u003cli\u003eRewrite in TypeScript, provide ESM and CommonJS hybrid\ninterface\u003c/li\u003e\n\u003cli\u003eAdd tree-shake friendly exports, like \u003ccode\u003eimport('tar/create')\u003c/code\u003e\nand \u003ccode\u003eimport('tar/read-entry')\u003c/code\u003e to get individual functions or\nclasses.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003echmod\u003c/code\u003e option that defaults to false, and deprecate\n\u003ccode\u003enoChmod\u003c/code\u003e. That is, reverse the default option regarding\nexplicitly setting file system modes to match tar entry\nsettings.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eprocessUmask\u003c/code\u003e option to avoid having to call\n\u003ccode\u003eprocess.umask()\u003c/code\u003e when \u003ccode\u003echmod: true\u003c/code\u003e (or \u003ccode\u003enoChmod: false\u003c/code\u003e) is\nset.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/bf776f673164215074b62749e0fe80e5834588f4\"\u003e\u003ccode\u003ebf776f6\u003c/code\u003e\u003c/a\u003e 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad\"\u003e\u003ccode\u003ef48b5fa\u003c/code\u003e\u003c/a\u003e prevent escaping symlinks with drive-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/97cff15d3539a37a4095eb3d287147d9d77c2dc3\"\u003e\u003ccode\u003e97cff15\u003c/code\u003e\u003c/a\u003e docs: more security info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1\"\u003e\u003ccode\u003e2b72abc\u003c/code\u003e\u003c/a\u003e 7.5.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f\"\u003e\u003ccode\u003e7bc755d\u003c/code\u003e\u003c/a\u003e parse root off paths before sanitizing .. parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/c8cb84629dee649feedde03f2f4ea48f2e44e778\"\u003e\u003ccode\u003ec8cb846\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/1f0c2c9006b10199cf2686f8ef43e79a1773e1aa\"\u003e\u003ccode\u003e1f0c2c9\u003c/code\u003e\u003c/a\u003e 7.5.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/fbb08518bf290733b68ca4d4135f75becf73fd75\"\u003e\u003ccode\u003efbb0851\u003c/code\u003e\u003c/a\u003e build minified version as default export\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/6b8eba0ef367ac937e703238daa6df94ae6f823f\"\u003e\u003ccode\u003e6b8eba0\u003c/code\u003e\u003c/a\u003e 7.5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384\"\u003e\u003ccode\u003e2cb1120\u003c/code\u003e\u003c/a\u003e fix(unpack): improve UnpackSync symlink error \u0026quot;into\u0026quot; path accuracy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/node-tar/compare/v7.4.3...v7.5.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~isaacs\"\u003eisaacs\u003c/a\u003e, a new releaser for tar since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@modelcontextprotocol/sdk` from 1.15.1 to 1.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"\u003e@​modelcontextprotocol/sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.29.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1749\"\u003emodelcontextprotocol/typescript-sdk#1749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: disallow null (infinite) requested TTL by \u003ca href=\"https://github.com/LucaButBoring\"\u003e\u003ccode\u003e@​LucaButBoring\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1339\"\u003emodelcontextprotocol/typescript-sdk#1339\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: add missing size field to ResourceSchema by \u003ca href=\"https://github.com/olaservo\"\u003e\u003ccode\u003e@​olaservo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1575\"\u003emodelcontextprotocol/typescript-sdk#1575\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd typings exports by \u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x npm audit fix by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1780\"\u003emodelcontextprotocol/typescript-sdk#1780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1773\"\u003emodelcontextprotocol/typescript-sdk#1773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Allow servers / clients to advertise extensions in the capability object by \u003ca href=\"https://github.com/localden\"\u003e\u003ccode\u003e@​localden\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1811\"\u003emodelcontextprotocol/typescript-sdk#1811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(stdio): always set windowsHide on Windows, not just in Electron by \u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.29.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1820\"\u003emodelcontextprotocol/typescript-sdk#1820\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.28.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: use scopes_supported from resource metadata by default (fixes \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/580\"\u003e#580\u003c/a\u003e) by \u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1611\"\u003emodelcontextprotocol/typescript-sdk#1611\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: reject plain JSON Schema objects passed as inputSchema by \u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: clear _timeoutInfo in _onclose() and scope .finally() abort controller cleanup by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1462\"\u003emodelcontextprotocol/typescript-sdk#1462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(server/auth): RFC 8252 loopback port relaxation by \u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.28.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1746\"\u003emodelcontextprotocol/typescript-sdk#1746\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: implement auth/pre-registration conformance scenario by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1545\"\u003emodelcontextprotocol/typescript-sdk#1545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add governance documentation for SEP-1730 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1547\"\u003emodelcontextprotocol/typescript-sdk#1547\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: comprehensive feature documentation for SEP-1730 Tier 1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1548\"\u003emodelcontextprotocol/typescript-sdk#1548\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent command injection in example URL opening (v1.x backport) by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1579\"\u003emodelcontextprotocol/typescript-sdk#1579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: call onerror for silently swallowed transport errors by \u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.27.1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1581\"\u003emodelcontextprotocol/typescript-sdk#1581\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/e12cbd7078db388152f6e839abdbe09ba01f3f32\"\u003e\u003ccode\u003ee12cbd7\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.29.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/3913fd4443a86536155e3ebef9edd2045c372c1e\"\u003e\u003ccode\u003e3913fd4\u003c/code\u003e\u003c/a\u003e fix(stdio): always set windowsHide on Windows, not just in Electron (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1640\"\u003e#1640\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/5608e78dd0d4ca6cd7dd03278419578f1780365a\"\u003e\u003ccode\u003e5608e78\u003c/code\u003e\u003c/a\u003e [v1.x backport] Allow servers / clients to advertise extensions in the capabi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/7213816788e634ffb9d09affe50f0295093bfb73\"\u003e\u003ccode\u003e7213816\u003c/code\u003e\u003c/a\u003e v1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1773\"\u003e#1773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/364f38ca2d8895aed7c37b7a0a1031bb7ae4841c\"\u003e\u003ccode\u003e364f38c\u003c/code\u003e\u003c/a\u003e v1.x npm audit fix (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/c95cc0943b045517e4cc414baf1f168b216c3142\"\u003e\u003ccode\u003ec95cc09\u003c/code\u003e\u003c/a\u003e Add typings exports (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/ddadaa6cc633fb5db0c094bf031b15b68a357820\"\u003e\u003ccode\u003eddadaa6\u003c/code\u003e\u003c/a\u003e [v1.x] fix: add missing size field to ResourceSchema (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/2a158513028d9f862c4188b6957e78cd5663f26b\"\u003e\u003ccode\u003e2a15851\u003c/code\u003e\u003c/a\u003e [v1.x] fix: disallow null (infinite) requested TTL (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1339\"\u003e#1339\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/13e30f1d36de8442417fec695983bdb155c00768\"\u003e\u003ccode\u003e13e30f1\u003c/code\u003e\u003c/a\u003e fix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1749\"\u003e#1749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0565695218544fc53e99bf5b544a887d373cefa\"\u003e\u003ccode\u003ea056569\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.28.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1746\"\u003e#1746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.15.1...v1.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~pcarleton\"\u003epcarleton\u003c/a\u003e, a new releaser for \u003ccode\u003e@​modelcontextprotocol/sdk\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `diff` from 7.0.0 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.0\u003c/h2\u003e\n\u003cp\u003e(All changes part of PR \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/672\"\u003e#672\u003c/a\u003e.)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eES5 support is dropped\u003c/strong\u003e. \u003ccode\u003eparsePatch\u003c/code\u003e now uses \u003ccode\u003eTextDecoder\u003c/code\u003e and \u003ccode\u003eUint8Array\u003c/code\u003e, which are not available in ES5, and TypeScript is now compiled with the \u0026quot;es6\u0026quot; \u003ccode\u003etarget\u003c/code\u003e. From now on, I intend to freely use any features that are deemed \u0026quot;Widely available\u0026quot; by \u003ca href=\"https://web.dev/baseline\"\u003eBaseline\u003c/a\u003e. Users who need ES5 support should stick to version 8.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eC-style quoted strings in filename headers are now properly supported\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eWhen the name of either the old or new file in a patch contains \u0026quot;special characters\u0026quot;, both GNU \u003ccode\u003ediff\u003c/code\u003e and Git quote the filename in the patch's headers and escape special characters using the same escape sequences that are used in string literals in C, including octal escapes for all non-ASCII characters. Previously, jsdiff had very little support for this; \u003ccode\u003eparsePatch\u003c/code\u003e would remove the quotes, and unescape any escaped backslashes, but would not unescape other escape sequences. \u003ccode\u003eformatPatch\u003c/code\u003e, meanwhile, did not quote or escape special characters at all.\u003c/p\u003e\n\u003cp\u003eNow, \u003ccode\u003eparsePatch\u003c/code\u003e parses all the possible escape sequences that GNU diff (or Git) ever output, and \u003ccode\u003eformatPatch\u003c/code\u003e quotes and escapes filenames containing special characters in the same way GNU diff does.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now omits file headers when \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e in the provided patch object are \u003ccode\u003eundefined\u003c/code\u003e\u003c/strong\u003e, regardless of the \u003ccode\u003eheaderOptions\u003c/code\u003e parameter. (Previously, it would treat the absence of \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e as indicating the filename was the word \u0026quot;undefined\u0026quot; and emit headers \u003ccode\u003e--- undefined\u003c/code\u003e / \u003ccode\u003e+++ undefined\u003c/code\u003e.)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer outputs trailing tab characters at the end of \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e headers.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePreviously, if \u003ccode\u003eformatPatch\u003c/code\u003e was passed a patch object to serialize that had empty strings for the \u003ccode\u003eoldHeader\u003c/code\u003e or \u003ccode\u003enewHeader\u003c/code\u003e property, it would include a trailing tab character after the filename in the \u003ccode\u003e---\u003c/code\u003e and/or \u003ccode\u003e+++\u003c/code\u003e file header. Now, this scenario is treated the same as when \u003ccode\u003eoldHeader\u003c/code\u003e/\u003ccode\u003enewHeader\u003c/code\u003e is \u003ccode\u003eundefined\u003c/code\u003e - i.e. the trailing tab is omitted.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer mutates its input\u003c/strong\u003e when serializing a patch containing a hunk where either the old or new content contained zero lines. (Such a hunk occurs only when the hunk has no context lines and represents a pure insertion or pure deletion, which for instance will occur whenever one of the two files being diffed is completely empty.) Previously \u003ccode\u003eformatPatch\u003c/code\u003e would provide the correct output but also mutate the \u003ccode\u003eoldLines\u003c/code\u003e or \u003ccode\u003enewLines\u003c/code\u003e property on the hunk, changing the meaning of the underlying patch.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eGit-style patches are now supported by \u003ccode\u003eparsePatch\u003c/code\u003e, \u003ccode\u003eformatPatch\u003c/code\u003e, and \u003ccode\u003ereversePatch\u003c/code\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003ePatches output by \u003ccode\u003egit diff\u003c/code\u003e can include some features that are unlike those output by GNU \u003ccode\u003ediff\u003c/code\u003e, and therefore not handled by an ordinary unified diff format parser. An ordinary diff simply describes the differences between the \u003cem\u003econtent\u003c/em\u003e of two files, but Git diffs can also indicate, via \u0026quot;extended headers\u0026quot;, the creation or deletion of (potentially empty) files, indicate that a file was renamed, and contain information about file mode changes. Furthermore, when these changes appear in a diff in the absence of a content change (e.g. when an empty file is created, or a file is renamed without content changes), the patch will contain no associated \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e file headers nor any hunks.\u003c/p\u003e\n\u003cp\u003ejsdiff previously did not support parsing Git's extended headers, nor hunkless patches. Now \u003ccode\u003eparsePatch\u003c/code\u003e parses some of the extended headers, parses hunkless Git patches, and can determine filenames (e.g. from the extended headers) when parsing a patch that includes no \u003ccode\u003e---\u003c/code\u003e or \u003ccode\u003e+++\u003c/code\u003e file headers. The additional information conveyed by the extended headers we support is recorded on new fields on the result object returned by \u003ccode\u003eparsePatch\u003c/code\u003e. See \u003ccode\u003eisGit\u003c/code\u003e and subsequent properties in the docs in the README.md file.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now outputs extended headers based on these new Git-specific properties, and \u003ccode\u003ereversePatch\u003c/code\u003e respects them as far as possible (with one unavoidable caveat noted in the README.md file).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eUnpaired file headers now cause \u003ccode\u003eparsePatch\u003c/code\u003e to throw\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eIt remains acceptable to have a patch with no file headers whatsoever (e.g. one that begins with a \u003ccode\u003e@@\u003c/code\u003e hunk header on the very first line), but a patch with \u003cem\u003eonly\u003c/em\u003e a \u003ccode\u003e---\u003c/code\u003e header or only a \u003ccode\u003e+++\u003c/code\u003e header is now considered an error.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eparsePatch\u003c/code\u003e is now more tolerant of \u0026quot;trailing garbage\u0026quot;\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThat is: after a patch, or between files/indexes in a patch, it is now acceptable to have arbitrary lines of \u0026quot;garbage\u0026quot; (so long as they unambiguously have no syntactic meaning - e.g. trailing garbage that leads with a \u003ccode\u003e+\u003c/code\u003e, \u003ccode\u003e-\u003c/code\u003e, or \u003ccode\u003e \u003c/code\u003e and thus is interpretable as part of a hunk still triggers a throw).\u003c/p\u003e\n\u003cp\u003eThis means we no longer reject patches output by tools that include extra data in \u0026quot;garbage\u0026quot; lines not understood by generic unified diff parsers. (For example, SVN patches can include \u0026quot;Property changes on:\u0026quot; lines that generic unified diff parsers should discard as garbage; jsdiff previously threw errors when encountering them.)\u003c/p\u003e\n\u003cp\u003eThis change brings jsdiff's behaviour more in line with GNU \u003ccode\u003epatch\u003c/code\u003e, which is highly permissive of \u0026quot;garbage\u0026quot;.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThe \u003ccode\u003eoldFileName\u003c/code\u003e and \u003ccode\u003enewFileName\u003c/code\u003e fields of \u003ccode\u003eStructuredPatch\u003c/code\u003e are now typed as \u003ccode\u003estring | undefined\u003c/code\u003e instead of \u003ccode\u003estring\u003c/code\u003e\u003c/strong\u003e. This type change reflects the (pre-existing) reality that \u003ccode\u003eparsePatch\u003c/code\u003e can produce patches without filenames (e.g. when parsing a patch that simply contains hunks with no file headers).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/667\"\u003e#667\u003c/a\u003e - \u003cstrong\u003efix another bug in \u003ccode\u003ediffWords\u003c/code\u003e when used with an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e\u003c/strong\u003e. If the text to be diffed included a combining mark after a whitespace character (i.e. roughly speaking, an accented space), \u003ccode\u003ediffWords\u003c/code\u003e would previously crash. Now this case is handled correctly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/631\"\u003e#631\u003c/a\u003e - \u003cstrong\u003efix support for using an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e with \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e. This has been almost completely broken since the feature was added in v6.0.0, since it would outright crash on any text that featured two consecutive newlines between a pair of words (a very common case).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/635\"\u003e#635\u003c/a\u003e - \u003cstrong\u003esmall tweaks to tokenization behaviour of \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e when used \u003cem\u003ewithout\u003c/em\u003e an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e. Specifically, the soft hyphen (U+00AD) is no longer considered to be a word break, and the multiplication and division signs (\u003ccode\u003e×\u003c/code\u003e and \u003ccode\u003e÷\u003c/code\u003e) are now treated as punctuation instead of as letters / word characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/ed13aca03aa25735fafc0645d1185e7a1c68fd8c\"\u003e\u003ccode\u003eed13aca\u003c/code\u003e\u003c/a\u003e Update version in package.json and in release notes (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/683\"\u003e#683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/7a49317b503a932b88fc72ad9c57a481df038e24\"\u003e\u003ccode\u003e7a49317\u003c/code\u003e\u003c/a\u003e Bump dependencies again (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/682\"\u003e#682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/afe5aecad189c9f5941ad3feb3c94c46b32ecb0a\"\u003e\u003ccode\u003eafe5aec\u003c/code\u003e\u003c/a\u003e Add Git support, and otherwise variously improve \u0026amp; fix parsePatch (and other ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/2e46779d8866ce7da1303a03db33ed038590c6f6\"\u003e\u003ccode\u003e2e46779\u003c/code\u003e\u003c/a\u003e Fix a typo (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/679\"\u003e#679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/dd2f99497703a1540b2ae406b51c49b74b5fc1a1\"\u003e\u003ccode\u003edd2f994\u003c/code\u003e\u003c/a\u003e 8.0.4 release (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/678\"\u003e#678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/3cc438434db53c5d1c40412b727ea7650f6f145a\"\u003e\u003ccode\u003e3cc4384\u003c/code\u003e\u003c/a\u003e Update docs on releasing to reflect migration to yarn berry (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/6fc2aa6b7672af08774b50aae00d97b99c5b5715\"\u003e\u003ccode\u003e6fc2aa6\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/af7393ac3404565dc8da655c2e7aeeed28c01ff7\"\u003e\u003ccode\u003eaf7393a\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4b5d1800370bf29b61a3378fb8086aeb231d3ef7\"\u003e\u003ccode\u003e4b5d180\u003c/code\u003e\u003c/a\u003e Fix another bug in diffWords's \u0026quot;intlSegmenter\u0026quot; mode (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/10da50c466709e7bd4b192dac96af0af46f8b7bd\"\u003e\u003ccode\u003e10da50c\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/666\"\u003e#666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/7.0.0...v9.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.10.0 to 7.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport 401 stream-backed body fix to v7.x by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5006\"\u003enodejs/undici#5006\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update broken links in file \u0026quot;Dispatcher.md\u0026quot; by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: remove unused parameter \u003ccode\u003eredirectionLimitReached\u003c/code\u003e by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4933\"\u003enodejs/undici#4933\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip flaky macOS Node 20 cookie fetch cases by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4932\"\u003enodejs/undici#4932\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): align Response with DOM fetch types by \u003ca href=\"https://github.com/theamodhshetty\"\u003e\u003ccode\u003e@​theamodhshetty\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4867\"\u003enodejs/undici#4867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): Fix clone method type declaration to be an instance method rather than instance property by \u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip IPv6 tests when IPv6 is not available by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4939\"\u003enodejs/undici#4939\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: correctly handle multi-value rawHeaders in fetch by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4938\"\u003enodejs/undici#4938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eignore AGENTS.md by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4942\"\u003enodejs/undici#4942\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(test): client wasm compatible with clang 22 by \u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mock): improve error message when intercepts are exhausted by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4912\"\u003enodejs/undici#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(websocket): support open diagnostics over h2 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4921\"\u003enodejs/undici#4921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: assume http/https scheme for scheme-less proxy env vars by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4914\"\u003enodejs/undici#4914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cache): check Authorization on request headers per RFC 9111 §3.5 by \u003ca href=\"https://github.com/metalix2\"\u003e\u003ccode\u003e@​metalix2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4911\"\u003enodejs/undici#4911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: wrap kConnector call in try/catch to prevent client hang by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify fetch and FormData pairing by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4922\"\u003enodejs/undici#4922\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: support Connection header with connection-specific header names per RFC 7230 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4775\"\u003enodejs/undici#4775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid prototype collisions in parseHeaders by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4923\"\u003enodejs/undici#4923\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump typescript from 5.9.3 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4926\"\u003enodejs/undici#4926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: auto-init WPT submodule by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4930\"\u003enodejs/undici#4930\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/12d9045923b7caebb1ae6975ef34c29dbcfd95d0\"\u003e\u003ccode\u003e12d9045\u003c/code\u003e\u003c/a\u003e Bumped v7.25.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7a6f7febb30a30748a04f38c21e3641c77d21b0e\"\u003e\u003ccode\u003e7a6f7fe\u003c/code\u003e\u003c/a\u003e Bumped v7.24.8 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5020\"\u003e#5020\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1f85ae4b27ed6401e7ccc35eb546ad2e5976121f\"\u003e\u003ccode\u003e1f85ae4\u003c/code\u003e\u003c/a\u003e fix: avoid 401 failures for stream-backed request bodies (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4941\"\u003e#4941\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5006\"\u003e#5006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c6610674dfad7c205ddf0f27831133973ad7894e\"\u003e\u003ccode\u003ec661067\u003c/code\u003e\u003c/a\u003e chore: update v7.x maintenance release flow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84f23e2a19cd0f585579c4257d801e4ec2d65dbd\"\u003e\u003ccode\u003e84f23e2\u003c/code\u003e\u003c/a\u003e Bumped v7.24.7 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4947\"\u003e#4947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a770b1033201984b9e8082a9bf955414bff5dc2e\"\u003e\u003ccode\u003ea770b10\u003c/code\u003e\u003c/a\u003e ignore AGENTS.md (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4942\"\u003e#4942\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/6acd19beaf67c1a2d07bcd38f40d0b751a81e7cc\"\u003e\u003ccode\u003e6acd19b\u003c/code\u003e\u003c/a\u003e fix: correctly handle multi-value rawHeaders in fetch (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4938\"\u003e#4938\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1da1c747c7d6e01b93ab295e0efb86623f3c8e06\"\u003e\u003ccode\u003e1da1c74\u003c/code\u003e\u003c/a\u003e test: skip IPv6 tests when IPv6 is not available (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4939\"\u003e#4939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/04cb77327f7ada95c2e5b67424cddcb22d7bf882\"\u003e\u003ccode\u003e04cb773\u003c/code\u003e\u003c/a\u003e fix(types): Fix clone method type declaration to be an instance method rather...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5145a7c47080d1715b2723591def3a75b0c3ba63\"\u003e\u003ccode\u003e5145a7c\u003c/code\u003e\u003c/a\u003e fix(types): align Response with DOM fetch types (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4867\"\u003e#4867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.10.0...v7.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.17.1 to 8.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/f06766f33ed7291f84c19f22a1286a34475fbdaf\"\u003e\u003ccode\u003ef06766f\u003c/code\u003e\u003c/a\u003e feat: allow tree-shaking by adding ``\u0026quot;sideEffects\u0026quot;: false\u003ccode\u003eto\u003c/code\u003epackage.json` ...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.0.6 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: remove master branch support by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/126\"\u003efastify/fast-uri#126\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(test) remove .gitkeep by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/128\"\u003efastify/fast-uri#128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): set job permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/129\"\u003efastify/fast-uri#129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: set permissions at workflow level by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/131\"\u003efastify/fast-uri#131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: set workflow permissions to read-only by default by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/132\"\u003efastify/fast-uri#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): restore job level permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/133\"\u003efastify/fast-uri#133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.31.2 to 0.32.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/134\"\u003efastify/fast-uri#134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): pin actions to commit-hash by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/135\"\u003efastify/fast-uri#135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add node 24 to test matrix by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/136\"\u003efastify/fast-uri#136\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/com...\n\n_Description has been truncated_","html_url":"https://github.com/balajirajput96/gemini-cli/pull/26","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/balajirajput96%2Fgemini-cli/issues/26","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/26/packages"}}]}